The Ends v4.01

[Lich-Loved]

Frank -

First of all, thanks for putting this up. This makes much more sense than the confusing jumble that appears in the SR4 books. Now that I am starting a new SR4 game, I wanted to put these rules into use and recently re-read them . While I still like the overall approach, I do have a few questions:

You seem to want hackers to be able to turn into Scanners and brain hack people, which is an interesting thought, but begs a few questions. For example, suppose I am Joe Pistol and am a technophobe. Consequently, I run a simple-as-possible Commlink with AR Goggles and maybe a glove so I don't have to tap on my link; I certainly don't use a sim module, so I get no VR. With no DNI, how can a hacker brain hack me? For that matter, suppose I just take the damn thing off at night or when on a run (so my link address forms no datarail), where is the DNI? Even if I were a hacker and use a simrig, since brain hacking would then be possible, wouldn't it to behoove me to only do so when I was actively hacking and able to defend myself? I may even disconnect my rig when I wasn't using it. You make it seem like an unnetworked brain lacking a commlink DNI is easy pickings and I guess I just don't get it.

Another thing that is odd is that you present hacking as beaming high-density signals directly into the target node's memory/core/whatever and causing the desired thing to happen. I guess this whole approach kind of confuses me. Wouldn't high-density signals (which I read as high-frequency) also be high energy, which means they would just fry the electronics (ala a nuke's EMP) or just pass right through the electronics rather than do anything meaningful let alone controllable?

Are these issues just handwaved away in the name of the game, or is there something I am missing?

[schpeelah]

The way I read it, a brain them itself is hackable. I vaguely recall it's written somewhere in there that a 100% natural brain with no electronics is actually completely defenseless against hacking.

[Username17]

Shadowrun's history revolves around super viruses being able to take over the world and delete data in offline storage data banks. Not once, but twice. It happens in 2029 and again in 2065. Clearly, merely declining to have a dataline that connects your hard drive to the outside world is no impediment to whatever the fuck computers do in Shadowrun's future. Similarly, they revolve around absolutely anyone being able to plug a chip into a portable simsense viewer and replace their own sense data and experiences with whatever happens to be on that chip - even up to death - without having any datalines put into their brain at all. Just external gear that you buy at Radioshack or get handed to you as a free sample by a drug dealer.

So the basic idea that you could take your computer off the net just by taking the cord out of the back is actually wrong in Shadowrun's future history. If that was true, then the Crash of '29 couldn't have happened. It would have just fucked up a lot of networked computers and set the internet backwards. As opposed to what it did, which was blow up all the data, networked and non, and forced people to replace everything with new machines, causing a great leap forward as even minor tasks were recreated with newly repurposed and reimagined computers based on new technology.

And similarly, you can't hide from anything by taking implants out of your head or taking computers off your head. Basically, simsense works. If you aren't projecting simsense data into your head from outside, other people can.

The concept of High Density Signals is that they use quantum magic or something to do an ass tonne of equations to arrange to use small energies to very precisely modify charges that are far away. So it sends gamma rays or some shit to cause very precise changes in brains or computers. Having your own computer hooked to your head can disrupt those incoming signals. Thus, getting more and better computers hooked up more directly to your brain makes your brain harder to hack.

-Username17

[Lich-Loved]

Yeah this is what confuses me. Brain waves are very slow things, like 1Hz to 50 Hz or something. This sort of frequency is just not conducive for transmission let alone communications. And to get signals in that range, you need a (dipole) antenna that is half a wavelength, or 5 x10^6 meters in length. This is not practical even if the atmosphere would allow you to observe such a low frequency, which it wouldn't because it is very opaque at that frequency, so you would have to be damned close or lose the signal because of atmospheric attenuation and very low initial signal power levels. It also probably can't be the neural firing rate, which I recall form somewhere is closer to a max of 1000Hz which is still atmospherically opaque and would still require a huge antenna to "see/transmit". Even if we went with antenna designs that are fractional wavelength or of harmonic wavelength, we would end up dealing with higher frequencies (higher energy) that simply passes through the human brain rather than do anything to it.

I still don't get it.


Edit - Ninja'd by Frank. Ok so this i understand. Simsense just works because of high-tech 2071 quantum stuff we do not know about yet, so if you aren't doing it to yourself, someone else can. Thanks!

[Username17]

Yeah, if it makes you feel any better, don't think of it as modifying brain waves (which are just the magnetic residue of the aggregate of electrical pathways), think of it as modifying the firing of actual neurons by triggering or suppressing action potentials individually through quantum phlebtonium.

The real question is why it's so hard to just send people into seizures if you can do simsense at all to even the most ridiculously limited degree. And that's for... um... no reason. Game balance.

-Username17

[Lich-Loved]

Gotchya

So to continue in the vein of a hobbit hammering away on questions to Gandalf figuring as long as he answering I might as well keep asking...

Why do systems (read as commlinks, maglocks, credsticks whatever) bother with passcodes or keys at all? Wouldn't it make more sense just to grab biometrics from the DNI of the user, something like neural propagation time based upon induced stimulus X or neural path length in the hippocampus and go with that instead? Why even have a SIN for that matter, since everyone would basically have an unspoofable means of being identified by their core biometrics?

Edit - err I think I just answered my own question: because the hacker can do 2071-things with his brain computer mix that make him look like he has whatever neural pathlink is expected?

[CatharzGodfoot]

You can just use microwaves or radio waves to make neurons fire more. Presumably if you've got the metahuman brain mapped well enough, you know both excitatory and suppressive pathways, which should make that enough. Then you just need the targeting ability.

But seriously, Shadowrun definitely works best with bullshit quantum computers.

[edit] Edit moved to new post. [/edit]

[Lich-Loved]

Yeah my being an EE probably doesn't help matters much. I should stop thinking and start playing the damn gamed.

[CatharzGodfoot]

Why do systems (read as commlinks, maglocks, credsticks whatever) bother with passcodes or keys at all? Wouldn't it make more sense just to grab biometrics from the DNI of the user, something like neural propagation time based upon induced stimulus X or neural path length in the hippocampus and go with that instead? Why even have a SIN for that matter, since everyone would basically have an unspoofable means of being identified by their core biometrics?

Just pretend that metahuman sensory and motor systems are always almost identical and therefore easy to interface with, while the rest of the brain is too different and mutable to be easily read from or used as a key.

[Username17]

Gotchya

So to continue in the vein of a hobbit hammering away on questions to Gandalf figuring as long as he answering I might as well keep asking...

Why do systems (read as commlinks, maglocks, credsticks whatever) bother with passcodes or keys at all? Wouldn't it make more sense just to grab biometrics from the DNI of the user, something like neural propagation time based upon induced stimulus X or neural path length in the hippocampus and go with that instead? Why even have a SIN for that matter, since everyone would basically have an unspoofable means of being identified by their core biometrics?

Edit - err I think I just answered my own question: because the hacker can do 2071-things with his brain computer mix that make him look like he has whatever neural pathlink is expected?

Speaking as a medical student who does neuroimaging, I would never use my brain structure as a passkey to anything. First of all, it changes over time. Secondly, I couldn't share it with someone else. But in the Shadowrun world, it would make even less sense.

Your brain map is your most important secret - it protects everything you know and love and are. Anything you could possibly be protecting by broadcasting that around as a passkey could not be worth more than the thing you're flashing around. There are plenty of biometric passkeys that people use, with all the associated pain in he ass of having to get access to the device and the new user at the same time to add a new user and not being able to send an invite to the new user directly. And they don't compromise the integrity of the inside of your skull to send back and forth.

Finger prints, retinal scans, and yes even DNA tests are all perfectly workable, and far more secure than sending brain scans around.

-Username17

[spasheridan]

Has this come up in your system yet? A PAN with multiple brains - not a slave / master system like a hacker pwning some luddite, but a true gestalt consciousness.

Think tacnet and explode it - quantum level entangled thought patterns between members of the PAN. Technological ESP. This PAN gets BETTER with more brains in it, the firewall of this PAN is an 8 or a 10 or HIGHER.

Could be cool - hive mind humans are a fun story. Hive mind humans controlled by plants from space (or magic space) are a great horror story. Evil AI spreading it's footprint on the world by pwning more meat puppets. Or you could go with platoons of clones as uber-elite matrix warriors, and then some shadowrunners getting cloned brain matter implanted in their brains with their runner friends so they can have an unbreakable secure and instantaneous com system.

[Vebyast]

Speaking as a medical student who does neuroimaging, I would never use my brain structure as a passkey to anything. First of all, it changes over time. Secondly, I couldn't share it with someone else. But in the Shadowrun world, it would make even less sense.

To make a small argument, public-key crypto makes your second point invalid. You use your brain to either store or be your private key, you generate a broadcast your public key based on your private key, and you're set. Whenever you send a message, you sign it by running it and your private key through some crazy function and tacking the result onto the end of the message. This function behaves in such a way that other people can use your public key to verify that the message was signed using your private key without them being able to reconstruct your private key. It's weird, but it works really, really well.

Of course, this doesn't do anything about your brain changing, so it's a moot point.


[edit]DISREGARD THAT I SUCK COCKS INFORMATION THEORY DOES NOT EXIST IN THIS SETTING[/edit]

[Manxome]

See "A Note on Cryptographic Realism" back on the first page. Public-key crypto basically doesn't exist in The Ends, because it is assumed that a plaintext/ciphertext pair is always sufficient to recover the key.

It should be noted that any biometric lock is usually only as secure as the scanner used to capture the biometric; your biometrics are generally not private and are extremely difficult to change, so anyone who is able to send an arbitrary string of bits and claim it's their own retina scan can impersonate you.

Broadly speaking, there's three kinds of authentication: something you know (like a password or cryptographic key), something you have (like a physical key), or something you are (like your DNA). All of them have pronounced pros and cons.

[Vebyast]

You are correct. I fail at remembering what I read last week. :/

[edit] An idea that just occurred to me: you could still get dice rolls for cracking encryption. If the limits of encryption technology are exactly level with hacking tech, then you could reasonably have a percentage chance of reconstructing a private key correctly given a certain amount of data. For example, a cryptosystem (treat as equipment, say) has a DC, you get bonuses based on how many plaintext-ciphertext messages you have (individual messages, not amount of data!), and you get a bonus based on how good your hacking tools are. You don't know the DC, or the DM rolls, or whatever, the result is hidden. Fail by more than some amount, you don't get a key. Fail by less than a certain amount, you get a key that fits the data you have but has a certain chance of being wrong if you try to use it. Succeed and you get a good key (which is not necessarily _the_ key, mind you). [/edit]

[Lokathor]

Question: If you kill an enemy hacker, and his commlink has a program on it that you don't have, can you just steal his program, or are they optimized to a specific device and so you'd have to re-optimize it... or... what's the deal with that?

[Lokathor]

Played last night two different missions with hacker prominence.

The Party:
``Dwarf Hacker
``Elf Street Samurai
``Elf Magician (GM-NPC, minimal help)

PC Hacker vs NPC Hacker:
I explained that they could tell there was a hacker on the complex, though I suppose I shouldn't have. Matrix Perception and Matrix Stealth checks were made a lot. One of the PCs snuck onto the lot to steal and item, and the enemy hacker never had LOS, so he couldn't do too much to Matrix defend things. The PC Hacker opened a Back Door from across the street and then proceeded to Crash the guy. The NPC booted up a second commlink once the first was dead and then the PC Hacker did the same thing a second time, and at that point the NPC just sat quietly out of sight while the PC Street Samurai got away.

The biggest snag was that the Hacker player had neglected to get the Who Is program, so he couldn't locate the specific location of the enemy hacker (there were 3 warehouses, and they wanted to know which one he was in). He didn't think to use Detect Mind, which probably also would have done it.

PC Hacker with Increase Reflexes (4IP total) vs 4 NPC Hackers with Wired Reflexes 1 (2IP):
They needed to get inside a Neonet building with mega faraday protection, then get to the second floor and steal a copy of the data servers. The Aries guy provided them with the device that would copy all the data automatically, they just needed to set it down next to the server and turn it on.

Two of the hackers rigged up as drones with retransmitters for the other two hackers, but as soon as they came down stairs the Street Sam shot apart the re-transmitters with his machine gun. Then the drones themselves also got shot up over the next few rounds. At that point the enemy hackers began trying to form back doors on the PC hacker and crash him while the remaining gunman shot at the street sam. I mis-read the rules on restoring a network and had them making 1 roll per initiative pass instead of 1 roll per round, so they managed to bring back up their networks once or twice since the battle took so long. Eventually all the gunman had gone down and they kicked in the door on the hackers, who then seizured the street sam (1 net hit against the street sam's 5 dice to resist, and he got 0 hits to reduce it; just bad luck). They also proceeded to shoot at the dwarf hacker who had no armor (but 7 body) with their pistols. Eventually he wet down, and the elf mage who had stayed downstairs the whole time ran away. So ended the night.

Lingering Questions:
[*]In your BP Houserules section, you list that all of the metatypes should be 25bp. Does this include humans? Or do humans stay at 0 and non-humans are all 25? If everyone is 25, why not have everyone be 0 instead?
[*]With spirits, I had them only have "half their force rounded up" ranks in all their skills. As a result, the two earth spirits that the enemy mages in the second mission called up were completely unable to damage the PCs with unarmed attacks, and the Fire Spirit that the Elf Mage used kept missing a whole lot. All spirits in question were Force 4. Does this sound about right? With the Earth Spirits I didn't have them use Engulf or anything, I mostly had them kinda try to make unarmed attacks and give the players a small taste of the whole "they're not in the matrix and mundane weapons don't hurt them" thing. The NPC Elf Mage dispersed them in the end with some Force 8 Stunbolt action.
[*]Everyone who doesn't have their BioFeedback Filter off natrually has 2 points of BioFeedback Filtration even without the program for extra, right? The rules aren't quite clear on it, but that's what I was using.
[*]My question about stealing/copying programs remains. Can programs such as Armor and Black Hammer and so on be freely distributed, or are they optimized to each commlink and that's why they cost so much, or what? I'm guessing they're commlink optimized, but I'm not really sure. This is most important for things like buying a Rating 6 Armor program and then having all the PCs run a copy of it to avoid Crash damage.
[*]Are hackers expected to keep spare commlinks and boot them up during a fight once their icon goes down, or just pull out pistols, or what?
[*]Does resonance go down as essence goes down like with magic? I'm not sure on this, but it seems like it should, and also that spirits should have a maximum services owed equal to the technomancer's maximum resonance score (otherwise there's no reason to not have NPCs with 200 service sprites).

[Lokathor]

Additional questions:
[*]If spirits should have skill ranks equal to half their force, should sprites also have skill ranks equal to half their rating?
[*]Networks/Devices can choose to lower their signal rating to stay out of handshake range of another network, right? What type of action is this, and can this be done as a way to break an open connection?
[*]Does providing Signal Defense (or Counterspelling for that matter) take up a Free Action every single round? Or just once to declare it, and then you don't need to declare it again until you change your decision?

[cthulhu]

It doesn't include humans

[Username17]

Question: If you kill an enemy hacker, and his commlink has a program on it that you don't have, can you just steal his program, or are they optimized to a specific device and so you'd have to re-optimize it... or... what's the deal with that?

An enemy hacker's programs aren't going to be device optimized, because they are already set up to run on a network with different devices coming in and out. And yeah, my experience has been that like in the regular Matrix rules, a team of runners very rapidly ends up with all programs at maximum rating for all of their team mates. If I were to do it from scratch complete in a new core book, I would drop the concept of program rating altogether like it has been done for spells.

In your BP Houserules section, you list that all of the metatypes should be 25bp. Does this include humans? Or do humans stay at 0 and non-humans are all 25? If everyone is 25, why not have everyone be 0 instead?

Humans are not a metatype. Also, the SURGElings and Metatype Variants are often substantially better or worse than the regular metatypes, so they'd have to have different costs. Unfortunately, the costs and in many cases the ability lists in the SR4 Runner's Companion are very poorly done. And I just haven't felt like fishing around in that very shitty book long enough to revamp the cost structure into something that wasn't batshit insane. Only a few of them really do anything - in the older editions all the metatype variants were only for modifying stat lines slightly - which made them incredibly common for PCs but also very low priority to convert to 4th edition. The Runner's Companion conceit where all of them should have completely arbitrary and totally bizarrely costed powers and weaknesses that don't make any sense has simply made converting them even lower priority.

With spirits, I had them only have "half their force rounded up" ranks in all their skills. As a result, the two earth spirits that the enemy mages in the second mission called up were completely unable to damage the PCs with unarmed attacks, and the Fire Spirit that the Elf Mage used kept missing a whole lot. All spirits in question were Force 4. Does this sound about right? With the Earth Spirits I didn't have them use Engulf or anything, I mostly had them kinda try to make unarmed attacks and give the players a small taste of the whole "they're not in the matrix and mundane weapons don't hurt them" thing. The NPC Elf Mage dispersed them in the end with some Force 8 Stunbolt action.

Earth Spirits are the worst spirits in close combat, because they have the lowest Agility. That being said, Engulf is exactly like an unarmed attack except it immobilizes and does a fuck tonne of damage. So if they had Engulf, they should have been using it, and had they connected with it, it would have hurt pretty bad.

Everyone who doesn't have their BioFeedback Filter off natrually has 2 points of BioFeedback Filtration even without the program for extra, right? The rules aren't quite clear on it, but that's what I was using.

Running BTL is extremely dangerous. Normally you get your Firewall against B type programs and the hits off of your Redundant Biofeedback Filters. If you run "hot" you don't get either of those dice pools. Your Firewall is essentially "off" for purposes of B programs. Even when you don't have a sot sim modified rig, you can go hot sim by altogether disabling the firewall.

Are hackers expected to keep spare commlinks and boot them up during a fight once their icon goes down, or just pull out pistols, or what?

It takes a bit to boot up, so it's usually good to have a pistol to run around shooting with while the new commlink boots up. And the new commlink can actually be the old commlink, so there's usually no reason to Hackastack.

Does resonance go down as essence goes down like with magic? I'm not sure on this, but it seems like it should, and also that spirits should have a maximum services owed equal to the technomancer's maximum resonance score (otherwise there's no reason to not have NPCs with 200 service sprites).

Yes, Resonance falls with Essence Loss. And you mean Sprites? You can keep racking up Sprite Services as much as you want, by reregistering. It takes several hours to rereg, so the Tasks/Hour aren't great. Remember, these guys aren't just sitting around grooming their lair and waiting for a PC to come in and try to loot the dungeon. They have lives and shit.

If spirits should have skill ranks equal to half their force, should sprites also have skill ranks equal to half their rating?

Yes.

Networks/Devices can choose to lower their signal rating to stay out of handshake range of another network, right? What type of action is this, and can this be done as a way to break an open connection?

You can do that as a Free Action. It wouldn't break a connection by itself, because the devices would probably still be in Matrix Range with one another, and an open connection doesn't need to maintain Handshake distances.

Does providing Signal Defense (or Counterspelling for that matter) take up a Free Action every single round? Or just once to declare it, and then you don't need to declare it again until you change your decision?

Just once declared. You have to redeclare it when new folks are supposed to get protected, and if someone you are protecting falls out of range (LOS for Spell Defense) and comes back, they are considered "new."

-Username17

[Lokathor]

Tons of useful info in that post. Many thanks Frank. We ended up playing for about 8 hours straight because they wanted to try a second run after the first one's huge success, and the second one ran long with them eventually just dying. I think we became pretty familiar with the EotM hacker rules, but some more players will join as people move back home for summer and so I want to be sure I've got everything straight.

Earth Spirits are the worst spirits in close combat, because they have the lowest Agility. That being said, Engulf is exactly like an unarmed attack except it immobilizes and does a fuck tonne of damage. So if they had Engulf, they should have been using it, and had they connected with it, it would have hurt pretty bad.

Ah, it's optional for Earth spirits. I guess they just didn't have it then. They weren't supposed to be the main defensive element; I had them be summoned up just outside of the building so that the players would run away from them to the inside the building so that any passing Lone Star units wouldn't need to investigate the gunfire (because "NeoNet hates Lone Star!", I guess maybe).

Also, the Dwarf Hacker "hadn't planned on needing to fight", so he had no armor of any kind, and Reaction 1 and no close combat skills or Dodge, yet he managed to keep himself going quite well against the earth spirits with 1 defensive die and an edge once or twice, and 7 points of body when a hit did connect. Hilarious stuff really.

Running BTL is extremely dangerous. Normally you get your Firewall against B type programs and the hits off of your Redundant Biofeedback Filters. If you run "hot" you don't get either of those dice pools. Your Firewall is essentially "off" for purposes of B programs. Even when you don't have a sot sim modified rig, you can go hot sim by altogether disabling the firewall.

The hacker character didn't have any cyberware or bioware at all. He was using AR the whole time. The equipment chapter is a bit intimidating, I'll be sure to re-discuss the concept of a simrig and such to access VR (particularly if he doesn't want to run into the building personally).

So Hal Hacker uses Black Hammer (Rating 6) against Adam Adept. Hal rolls Logic + Cybercombat against Adam's Firewall + Signal Defense and gets 2 net hits. Adam is going to suffer (6+2) 8 physical damage which he can resist with Willpower + Firewall, and if Adam is running a Rating 6 Redundant Biofeedback Filters program then he gets an extra 6 dice on the resistance roll? Hmm, okay. I'll be sure to tell this to my players. The non-hacker hadn't purchased a single program because the hacker was already doing Cloak and Armor for him, so we didn't think he needed to keep any programs of his own running.

Neither side had any IC programs running either, but as I began to write up a "learn the outline of shadowrun rules quickly and concisely" document, I re-read the EotM document and noticed that IC was an expected thing that people would keep up, and even though it only gets 1IP it can still act very quickly (because as a program it uses VR initiative, right?), and it could try to use Crash or something an extra one time per round, which would be really handy.

It takes a bit to boot up, so it's usually good to have a pistol to run around shooting with while the new commlink boots up. And the new commlink can actually be the old commlink, so there's usually no reason to Hackastack.

Once the Icon Track is full, can you just reboot the commlink and begin the boot process without having to take the "Restore Network" action. System + Response (10, 1 turn) seems like it'd usually take a lot longer than just 3 or so rolls (assuming the "average npc" has a Device 3 spare commlink).

Remember, these guys aren't just sitting around grooming their lair and waiting for a PC to come in and try to loot the dungeon. They have lives and shit.

That's true, but it still seems like a Technomancer would have at least one sprite kept around with a ton of tasks on it. Registered sprites don't appear to have an 8 hour time limit to their existence.

You can do that as a Free Action. It wouldn't break a connection by itself, because the devices would probably still be in Matrix Range with one another, and an open connection doesn't need to maintain Handshake distances.

If you turn a device's signal down to 0, it doesn't lose its Matrix connection just from that? What does break matrix connection? Do you specifically have to be in a jamming/faraday/deadzone?

Just once declared. You have to redeclare it when new folks are supposed to get protected, and if someone you are protecting falls out of range (LOS for Spell Defense) and comes back, they are considered "new."

Does an "Electronic Warfare (Signal Defense)" specialty (or any kind of Counterspelling specialty) also apply +2 dice to everyone under your Signal Defense protection? Would any other skill boosters like a Skill Wire system or the Adept "Improved Ability" power also work the same?

Can Signal Defense be applied at LOS even if the target isn't within your network's Signal range for whatever reason?

[Lokathor]

Additionally on the issue of Signal 0, Handshake range, and so on.

Establish/Terminate Connection
When two networks/devices/whatever are within Handshake range of one another, a connection can be opened between them with a Simple Action taken by either party, provided that the other party has agreed to allow that sort of thing. Marking or unmarking a source as something which a proposed connection should be allowed with is a Free Action. Terminating a connection while still a Simple Action, is slightly more difficult, as the other party can attempt to fight the attempt. The terminating party makes a Logic + Computer test with a threshold set by the Logic + Hacking test. If distance or background renders the devices outside range, then the connection is terminated no matter how good either user is.

The phrase "If distance or background renders the devices outside range, then the connection is terminated no matter how good either user is." seems to imply the opposite of what you said, that handshake range needs to be maintained at all times for a connection to remain open. Not that it couldn't be the other way, just that the wording should change if it is.

[Lokathor]

I'd like to restate for emphasis my question about EotM Commlinks: Can they, on their own with no accessories, send SimSense data into your brain, and read your senses back out of your brain? I'm thinking it can, but after reading the core book to see what stuff like the SimModule did before, and then reading EotM again, now I'm not sure any more. Most importantly: If a wageslave has no sense of data security because they're a completely legal guy who just does gardening or whatever, can they just get a commlink at the shop and be fine? Can they sit at home and try out VR with just the basic commlink?

Specifically, I'm trying to get a summary of all the Matrix gear for my players so that I can just say "if it has to do with the matrix, and it's in the core book but it's not talked about in that summary, pretend it doesn't exist". The goal of course being to print it out and have it on a "cheat sheet" while playing the game. The matrix equipment of said sheet is currently as follows, and I'd like to know if there's anything wrong with what I've written down. (Criticisms are free, after all.)

Devices
<Commlink Price Table>
Commlink: Prices as above. Has a screen and touch-pad. On its own any SimSense used is wireless and thusly insecure. A trode net or nanopaste gives better security without implants.
Trode Net: Cost: 50¥. Like a hat or headband that you just put on your head. SimSense w/Signal -1. Very easily jammed.
Nanopaste: Cost: 100¥ (2). Paste or paint that you put on your head and then the nanites within burrow into your skin. SimSense w/Signal -2. Also easily jammed.
Internal Sim Module: Essence: .1, Cost: 1k¥. Wired SimSense input, no output. Hardware HotSim available at install.
Internal Commlink: Essence: .2, Cost: 2k¥+Commlink cost. Wired SimSense. Hardware HotSim available at install.
Internal SimRig: Essence: .5, Cost: 5k¥. Wired SimSense, gives +3 to Matrix Perception, and allows software HotSim.
Datalink: Essence: .1 or [1], Cost: 500¥. Allows wired connections to various external devices via fiber-optic cabling.
Single Senses: When using a Display Link, Sound Link, Taste Booster, Olfactory Booster, or Touch Link the user gets +1 to Matrix Perception per sense (max +3, doesn't stack with SimRig) and wired SimSense with that sense.

Accessories
AR Gloves: Cost: 250¥. Allows limited input and output using the hands only. Also allows limited analysis of held items.
Biometric Reader: Cost: 200¥ (4). This device can read a single form of biometric data.
Certified Credstick: Cost: 25¥. Dedicated Firewall of 5.
Standard Credstick: Bank Issued. Dedicated Firewall of 6+.
Electronic Paper: Cost: 20¥. It’s like a piece of paper that’s also a touch screen. Can fold up into your pocket. (Device 1)
Holo Projector: Cost: 200¥. Projects a trideo hologram into an open space within 5 meters.
Printer: Cost 5¥. A disposable full-color printer that includes 50 pages of paper. (Device 1)
Retransmitter: Signal 3/25¥. Signal 4/125¥. Signal 5/250¥.
Microtransmitter: x2¥ (4); small enough to not be noticed.
Directional Restransmitter: x3¥ (6); Draws LOS.
RFID Tag: Cost: 5¥. A basic tracking tag. (Device 1)
Receiver Module: Cost: 600¥ (6). Receiver 1.
Satlink Module: Signal 6/2k¥ (6) or Signal 8/150k¥ (20). Also includes a built-in Receiver 1.
Subvocal Microphone: Cost: 50¥ (6). Worn directly over the throat. Others are at -4 to hear subvocalized speech.
Skinlink: Cost: 50¥. Two skinlink’d devices can interact using Signal -2 while they are both in contact with a person’s skin.

Programs
Analysis Program: Cost: 500¥/rating (2/rating).
Attack Program: Cost: 2k¥/rating (2/rating).
Communications Program: Cost: 1k¥/rating (2/rating).
Exploit Program: Cost: 1.5k¥/rating (2/rating).
Operations Program: Cost: 500¥/rating (2/rating).
IC: Cost: 500¥/rating (2/rating).
Pilot: Cost: 500¥/rating (3/rating).
Pilot Accessory: Cost: 100¥/rating (4/rating).

A program’s rating is also capped by the System of the network it’s on. IC is capped by Firewall instead. Rating caps the hits that can be achieved with the program. Programs from one OS have to be re-optimized for a new OS, and are at -2 to rolls and Rating until then.

Pilot and Pilot Accessory programming (Clearsight, Targeting, Maneuver, etc.) are purchased for individual devices. Pilot Accessory programming is capped in rating by the Pilot rating, Pilot is uncapped. These programs cannot be optimized for other systems.

And another clarification if possible: Can a Pilot Accessory program be purchased for any skill at all? Or is there some list somewhere that I haven't noticed? Do the rarer skills just have higher costs and availability?

Edit: Should IC be able to run Handshake range programs if there's a connection open? Particularly, should IC be able to run "Medic" on its own system or on a connected ally system?

Edit2: "Also, Any time IC is used, the Firewall subs in for all of the IC's attributes.", Does this mean that IC also has the appropriate skills to execute a program as well? Each equal to the IC's rating? Or should skills be half it's rating rounded up in ranks like with sprites/spirits? Or should it just stay as a super nasty thing that floats about ready to bite people?

[Manxome]

OK, couldn't sleep, got thinking about the crypto rules, thought I'd do some brainstorming on what sorts of tactics fall out of the assumption that plaintext/ciphertext pairs always yield a key. Some this may even be explicable enough that you would consider using it in an actual game.

Of course, we can't get very far without discussing what it actually means to have a plaintext/ciphertext pair. Several possibilities come to mind:

1. You need the entire message.
The encryption procedure for EUE somehow changes based on the length of the message, and so in order for an attacker to recover the key, you need the entire thing, no matter how long or short it is.

If this is the case, then you also need the entire message in order to read it, even if you are the intended recipient and have the key; the message becomes meaningless garbage if any part of it is missing. We know this because otherwise you would always pad your message with some random bits at the end and then not send those bits so that your message can't be cracked.

2. You need a certain number of consecutive bits.
If you discover that the Germans are starting all their encrypted messages with "Hail Hitler", you hit the jackpot.

The minimum required length will need to tie in closely with the amount of time it takes to recover the key after you have the plaintext/ciphertext pair, because if their product is too small people can just guess randomly until they get the right one. Spoken English has about 1.3 bits of entropy per character, so the requirement should probably be at least around 200 characters (260 bits of entropy); that's high enough that brute force attacks can be ruled out purely on grounds of thermodynamics, irrespective of the actual technology used, until you start talking about capturing the entire energy output of a supernova to run the computer performing the attack. Remember that English is probably represented using more than 1.3 bits per character, though (in 2010 we often use as much as 16), so the actual number of bits of the message you need will probably be higher.

If they need to be consecutive, though, you could just have a communication protocol where the real message is interspersed with blocks of random noise that the intended recipient knows in advance to ignore. That reduces your bandwidth, but probably not by enough to care. And then no one can guess your plaintext without actually intercepting it.

Also, notice that this means that if the message is short enough, then even knowing the entire thing might not be enough bits. That's called the unicity distance.

3. You need a certain number of bits, anywhere in the message.
This is probably the most plausible option. Like above, except it's not so easy to throw off an attacker by inserting a little random noise.



OK, so you're running an organization that needs to communicate securely. The first problem is distributing the keys; in order to bootstrap your encrypted network, you need some way of handing off keys to all the people you want to talk to where the keys themselves won't be intercepted. But you don't need to do that very often, so hardcore organizations probably use actual human couriers in meatspace (carefully vetted couriers, of course). Less hardcore organizations might use a parcel service, or just send them across the network cross their fingers and hope that no one was listening to them at just the right time.

Regardless, the entire point of encryption is that you don't have to do that very often--you could just send all your messages that way, but encryption allows you to distribute a small amount of information in advance in order to securely transmit a large amount of information later, on the spur of the moment. So you're going to take some care to ensure that the keys you distributed aren't compromised: you're going to be careful how you generate them (probably a true random source, like atmospheric noise), be careful who sees them, and keep them locked up as securely as practical when not in use.

Firewalling, in the traditional sense (not the modern computer sense) is making sure that damage is contained--in this case, when a security breach occurs, you want as little information as possible compromised.

Guarding the Message: Since people who can intercept or successfully guess the contents of your message can steal your key, you want your messages to be short (assuming option #3 above) and unpredictable. Formal salutations and introductions are a bad idea. If you send any sort of routine reports, all of the structural information (e.g. the headers in a data table, or a list of recipients) should be left out (the recipient already knows what it should look like), and any numbers that don't vary too much (like salaries, perhaps) would ideally be compressed according to pre-arranged rules custom-tailored to their normal range of variation. This all has to be established in advance, and uniquely for every standard bureaucratic form--you can't just throw your documents into a zip archive, that contains a bunch of information about how it's compressed that's way too easy to guess--but your compression system doesn't need to be secret. That's the part of your message that's always the same and that would be easy to guess, so you're factoring it out. This means that it's easy to find out the template that giant company XYZ uses for their annual report (in fact, they might just send it in cleartext before the encrypted message that uses it), but it won't help you break their encryption.

Exceptional messages can't have any pre-arranged system, but they are by their nature exceptional, so their contents should already be hard to guess. Just don't be an idiot and force everyone to begin their messages with "Hail Hitler" or whatever.


Guarding the Keys: Once an enemy gets one of your keys, he can read all the traffic encrypted with that key--even traffic that you sent years ago, if he recorded a copy. So ideally, every message is encrypted with a different key. In fact, any particularly long messages should be broken up into chunks, and each chunk encrypted with a different key.

Is this practical? Well, that depends on some more technical details: the length of an EUE key, and whether the Shadowrun universe has good hash functions.

A hash function (also called a "one-way function") is a mathematical function that is easy to compute, but whose inverse is impractical to compute. At the moment, we care because this allows us to turn a single master key into a bunch of unique session keys. It works like this:

1. Alice and Bob share some pre-arranged secret key, just like normal. Call it K.
2. Whenever Alice and Bob begin a conversation, Alice generates a random number R that's just as long as a key. She tells Bob this number completely openly; anyone listening in can hear it.
3. Alice and Bob each compute the hash of (K+R), giving them some output H.
4. Alice and Bob encrypt their traffic to each other using H as their encryption key.
5. The eavesdropper only knows R, not K, so she can't compute H.
6. If the eavesdropper somehow figured out what H was (for example, by guessing the message contents), she still can't compute K, so Alice and Bob can use the same master key K for their next conversation (along with a new random number R) and the eavesdropper has only compromised this one message.

If that sounds very convenient (and it is), we might be tempted to say that there are no secure hash functions in Shadowrun. However, realistically, that probably doesn't matter: barring authorial fiat, there's not much reason that an EUE key would need to be longer than ~256 bits (see the point about supernovas, above), so it is probably entirely reasonable for a megacorp to send their trading partner a few trillion pre-generated keys, and use each one only once. Which means it's probably better to allow hash functions into the game before one of your players starts asking you about how the corporate password tables are stored...

Really paranoid people still use throw-away keys, instead of hashed session keys, just to make it that little bit harder to compromise the master key (list).

If, for some reason, you don't have as many keys as you want, then your keys are strictly separated by security level. The more sensitive the message is, the more sensitive a key it requires, so an employee can't read your top secret documents just because they're authorized to know your current bullet inventory. Heck, you probably do that even if you have a trillion keys, just to make it that much harder for someone sending a low-value encrypted document to sneak a peak at the keys that might someday be used to encrypt a high-value document.


Of course, this prompts the question: if you've got so many keys, why not just make every message shorter than the unicity distance, and then switch to a separate key? And the answer is: nothing, except then you're practically just using a one-time pad. You'll need an amount of key material that's not a lot less than the length of the message you want to send. And it doesn't actually help you in any way, except when the attacker already knows (or can guess) part of the message, but not the entire thing--which is really a very specific special case. So most people just don't bother with that, for the same reason most people just don't bother with one-time pads.


Retransmission
I think the biggest likely loophole in a corporate structure is going to be the need to send the same message to multiple people--and especially to forward a copy of some memo or report with your comments attached to your boss or subordinate. That means that the same message (or a message with enough overlap to mount an attack) is being sent under different keys--and that means that if you can steal one of the keys, you can decrypt the message, and then use the message to recover the other keys, allowing you to read every message in the chain.

This is especially a problem when information gets its security level raised or lowered. If a high-security message is actually a lot like a low-security message, but with more detail, then compromising the low-security version may allow you to bootstrap your way into the high-security version. In particular, if some event reported by a low-level officer gets escalated to a higher clearance level later on, you may be able to continue to track its distribution (and what people are saying about it) if people are careless about re-copying. Similarly, if highly secretive data is "scrubbed" and then released as less secret data, if you have a recording of the encrypted high-security transmission, you may be able to use the similarity to the low-security plaintext to break the encryption.

If you're cunning, you may even be able to cause an incident that will generate some report that's predictable enough for you to guess the text and recover the key--and then follow it up the chain.

[Lokathor]

Question:

At one point it says that a Drone uses Response in place of Reaction.

At another point, it says that a Drone uses Pilot for all real world stats needed, eg: "Pilot in place of Reaction to drive itself around."

Which is it? First one? Second one? Pilot for drive and Response for all other reaction uses?

[CatharzGodfoot]

Question:

At one point it says that a Drone uses Response in place of Reaction.

At another point, it says that a Drone uses Pilot for all real world stats needed, eg: "Pilot in place of Reaction to drive itself around."

Which is it? First one? Second one? Pilot for drive and Response for all other reaction uses?

I believe that one applies to remote drones and the other applies when "jumped in", but I could be wrong.