Getting Hardware

Datapads are the device of choice for the masses. Wafer thin and about the size of a smartphone, datapads are as powerful as a 21st century computer - which means that they’re more than enough for the casual user. You can also get smaller “headless” versions with no screen - they look a bit like a credit cartridge, and are meant to be used with smart peripherals. Datapads are convenient, but they’re underpowered for heavy-duty work.

Terminals are basically desktop computers, and are miniature supercomputers by 21st century standards. They’re not a common fixture in most family homes - a datapad is enough for most people - but you might find them in the house of a hardcore hobbyist, scientist or hacker. They’re also an integral part of any starship.

Decks are portable terminals, a hacker’s best friend and the Firmament’s equivalent of a laptop. They don’t have a screen or keyboard though - they look like featureless plastic bricks with some retractable ports and lenses on the side. They’re almost always used with smart peripherals, but if necessary can be used in “projector mode” by setting them down on a flat surface and interacting with a 3-dimensional hologram.

Mainframes are big servers with vast amounts of processing power and storage space - the kind of thing that can calculate a navkey for interstellar travel. It’s not uncommon for a big corporate office to have a single mainframe and no terminals at all - individual employees just connect with a pair of smart goggles or a holoprojector station.

Smart Peripherals

Staying anchored in “flatland”, as hackers call it, is fine for the casual user or the terminal drone in a corporate office. More active types find it restrictive and inconvenient though, and these power users prefer to connect their device to a pair of smart glasses or lenses.

Most of the time, these peripherals run in HUD mode. The user’s vision is overlayed with an unobtrusive user interface, and sophisticated cameras and object recognition protocols allow them to interact with their device using gestures and eye movements. For making a phone call, doing a quick search or other basic tasks, this is the best of both worlds.

For more absorbing tasks you can switch to VR mode, known as “goggling in” by hackers. With your entire vision filled by the user interface and a pair of headphones in your ears, you can immerse yourself entirely in cyberspace without needing to sit at a terminal or stand in front of your deck like an idiot. This is generally required for hacking, interacting with complex applications, and similar tasks.

Full Immersion

For some people, a pair of goggles and a set of earphones isn’t enough. The next step up is a SenseNet - a web of electrodes that is usually contained neatly in a cloth headband. You connect it to your deck or terminal directly, and it allows you to experience what is known as “full sensory immersion”. Ordinary folks use a SenseNet to experience VR on a level that is impossible with some smart goggles and a fancy camera - in fact, SenseNet is the most common reason for consumers to purchase their own terminal or deck. But the instant reaction times afforded by a SenseNet are useful to hackers, too.

Hacking while fully immersed in cyberspace is a rush, and gives you the edge that every netrunner seems to need. The interface is the same, but you’re not limited by the latency between your brain and your hands. As soon as you can think a command, it’s happening. There are dangers, though - when you put on a SenseNet, the grid is no longer an abstract thing. It’s real and dangerous - suddenly terms like “biofeedback” and “neural static” become scary. Being immersed in a SenseNet has the following effects:

Wounds from dumpshock are quite capable of permanently injuring or even killing a netrunner. Roll normally on the Injury Table if it’s called for - these injuries generally come from some form of brain damage, rather than actual damage to the body itself.

Getting Connected

In the Firmament, connectivity is usually considered to be a public service on the same level as roads and law enforcement. Whether you can afford the hardware is another matter, but the days of broadband providers are far in the past. Anywhere you’d expect to have cellular reception in the modern day will be covered by high-latency wireless networks that anyone can access. This system is widely known as “the grid” on almost every world, and you’re either on it or off it. It’s just one big wide-area network, so you’ll never have to worry about finding a coffee shop with free wifi.

The grid might be a single WAN, but that doesn’t mean connectivity is guaranteed - especially on the Rim. More remote environs are often deadzones. Your datapad or deck won’t be of much use in those areas without a satellite uplink (starships have this kind of hardware built in). Even these connections are sluggish at best, imposing a -2 penalty to all skill rolls. The same penalties apply to anyone trying to interact with a satellite or ship in orbit.

The final limitation on connectivity is distance. The grid you connect to is local to the region you’re in - such as a planet, lunar colony or space station. Even at lightspeed, connections to another grid halfway across the system can take minutes or even hours. In addition to making realtime communication impossible, accessing systems or information on another grid in the same star system imposes a -4 penalty to all rolls. Megacorps are fond of keeping sensitive data in heavily guarded deep-space “silos” for this very reason.


Systems on the grid consist of nodes, which are basically networks of any size. Simple systems only have a single node - for example, your datapad and connected peripherals count as a node. Even a whole building could place all of its tasks - lighting, security, computing - under the responsibility of one node. More complex systems, though, may have a multitude of networked nodes. Systems with multiple nodes are harder to hack, but are also more expensive and complicated to monitor. Megacorps will have hundreds spread throughout the world, and just figuring out how to navigate the maze and get to the data you need is its own challenge.

Broadly speaking, a hacker might encounter four kinds of nodes:

If a node is on the grid, you can connect to it as long as you know its address. You can also connect to a node directly, without knowing its address or going via the grid. This usually requires you to be within 50” of it, but in some cases might require you to physically plug into an access point. This means you can hack someone’s datapad or the building your team is infiltrating without needing to search the grid for it.

Here’s an example of the layout of a large library, illustrating each kind of node:

If you wanted to get access to a rare book on the library’s system, just hacking the access node wouldn’t be enough. You would need to pivot deeper into the system and take over the collection node in order to get the data you want.

Breaking the ICE

Every system - whether it’s a radio detonator, a corporate node, or a hacker’s deck - is rated by the quality of its ICE (intrusion countermeasures & electronics). This rating represents the overall power of the system and how forgiving it is to hack with, as well as how good its security protocols and defenses are. A deck with high ICE has less reaction lag and can handle more strain, giving you more time to complete the run before you get booted out of a system.

The table below gives the different levels of ICE that systems can have, along with how much it’ll cost to get a deck with that level of security:

Deck Type ICE Cost
Cheap 4 600
Streetware 6 1200
Enterprise Grade 8 2500
Military Grade 10 10K
Bleeding Edge 12 20K


So, you want to hack something. If what you’re trying to achieve is small, the GM might just ask you to make a Hacking roll against the target’s ICE rating. This includes making anonymous payments, hacking someone’s social media, tricking a vending machine or anything else which doesn’t require a full-on intrusion into a system. Otherwise, it’s a netrun.

During a netrun, the attacker is trying to gain control of a node belonging to the defender. When the netrun begins, the attacker and defender both get tokens based on their ICE rating. Each round (usually about 10 minutes of real time), the attacker makes a Hacking roll and the defender rolls their ICE skill. For example, a streetware-level system would roll d6 to defend itself. If the system is being actively monitored by a security expert or autonomous system, they can make an Electronics or Hacking roll to Support the system’s ICE.

If the attacker runs out of tokens, it means that the system’s ICE has overwhelmed their deck. It crashes, taking it offline for 10 minutes and ending the run. If the defender runs out of tokens, it means that the attacker has successfully gained control of the system. The attacker can jack out of the system at any time as an action, giving up on the run before they get booted out. Doing so does not reset the alert level, however.

Circumstance Modifier
Alert -1
High Alert -2
User Access Codes +1
Security Access Codes +2
Hacking on the Fly -2
Full Immersion +1
Datapad -2
Damaged deck -2

Alert Levels represent the defender’s awareness of the attacker’s presence. Alert levels are usually system-wide, but on very large systems might only affect a subset of nodes. Defenders usually begin at No Alert, but can increase to Alert or High Alert as the run progresses. If the system goes beyond High Alert, the attacker is automatically dumped out.

Access Codes are a foothold on the system, making it easier to launch an attack. They are usually literal access codes (like a password), but could also be a tap plugged into a physical access port or a hacker quickly sneaking onto an unattended terminal. They could also represent a backdoor from a previous run.

Hacking on the Fly allows the attacker to make a roll every combat round, instead of every 10 minutes. This is useful in tense situations like combat, but carries a hefty penalty.

Tactical Advantages

The rules above are designed to be simple and straightforward, so that running the net isn’t a time-consuming and distracting task that detracts from the enjoyment of other players. However, you should throw in opportunities and complications during a netrun that inject some life into it, and allow both sides to affect the outcome. This is what turns a hack into a netrun.

Some examples:

Multiple Netrunners

Sometimes you might jack into a system, only to find that you’re not the only one here. Multiple netrunners can attack the same system; if they’re on the same side, just treat it as a Support action. If they’re not, the defender gets a separate stack of tokens for each attack - but the alert level is universal. A bunch of netrunners independently blundering around in a system are much more likely to trip the alarms.

Sometimes, a netrunner might want to boot another hacker off the system so they can have it all to themselves. You can use the rules above to run this - just change who the “defender” is in this context. You roll against the ICE of another hacker to take their tokens away, and they can support their ICE with the Hacking skill.


Assuming the netrun was actually successful, the attacker now has control over the node they were trying to hack. They can now manipulate the node - such as taking over security cameras, opening doors or downloading data - with a flat Hacking roll as an action. On a failure, the alert level increases (but the action is still performed). Making permanent modifications (like installing a backdoor or virus) is riskier - the Hacking roll is opposed by the node’s ICE.

The alert level can also be manually increased by system administrators and the like. For example, a suspicious admin might make a Research roll to check the database and find unauthorised changes made by a ‘runner. Based on this, they might raise the alarm.

How long you maintain access to a system depends on the alert level:

You can try to get back into a system after you lose access, but alert levels don’t reset after a run. Depending on how paranoid the organisation is, it could take days or even weeks for the security team to relax their vigil.


When a netrun ends - regardless of how - there may be additional consequences that follow you home. Maybe you got booted out, maybe you gave up halfway through, or maybe you got in but made too much noise and were eventually detected. Either way, the consequences depend on the alert level:

Black ICE

Most of the time, a system’s ICE is just focused on getting rid of an attacker. It consumes resources, causes system instability, and locks down access to prevent an intrusion and kick the hacker off their system. However, some systems and devices employ “Black ICE”, which takes it a step further. Black ICE is designed to overload circuits and bypass safety mechanisms, causing permanent damage to a device. It’s expensive, and tends to be illegal without special clearance.

If you get booted out of a system with Black ICE, key components of your device are permanently damaged. Until you can repair them for 10% of the device’s value, all skill rolls are made at a -2.

Writing Software

The Hacking skill is not just used to bypass security, but to create programs. Most of the time, this process can be abstracted away. When you make a Hacking roll to get into a system, we assume that part of that roll includes the utilities and custom software in your arsenal. Occasionally, though, you might want to write a specific program do something.

It could take anywhere from a few hours to a week to write a new program. To make it easier to come up with your own programs, you can split them up into 4 categories:

Actually writing the program is a straight Hacking roll - though the GM may impose a difficulty penalty if what you’re trying to do is more complex or sophisticated than a basic tool.

You can create bigger and more significant software, but it will usually be a longterm project. The GM will work with you to decide exactly what kind of time, resources and special conditions are required to complete it. Examples of big projects include: