The Ends v4.01

[erik]

I took the Jedi Trick to basically bypass authentication prompts. So not applicable for things like light switches and scanners unless they are prompting on the matrix for a password and login. You don’t change displays or turn stuff on and off. Just bypass authentication. Once.

[Trill]

From a fluff perspective, Jedi Trick reaches into the device and does manually does whatever the device would do if it had gotten a correct input. For a Cyberware Scanner, that usually means "Display the results on this screen" and in that case Jedi Trick lets you reach in and make the screen say whatever you want it to say. Or write whatever results you want to log, or whatever other thing the scanner is supposed to do.

For a street light, there's no request for credentials. It's a light, it changes colours. Jedi Trick is not the button that does this job. You could maybe hack GridGuide, but that's different from hacking an individual light.

If Jedi Trick makes the device do "whatever the device would do if it had gotten a correct input." and apparently lists of cyberware and their positions fall under correct input, why wouldn't the command "Change color to green for 30s" count as a correct input? It's certainly something it could get sent from the GridGuide.

Or do you intend to say that the information where what cyberware is located, superimposed on a picture of the person, counts as credentials?

I took the Jedi Trick to basically bypass authentication prompts. So not applicable for things like light switches and scanners unless they are prompting on the matrix for a password and login. You don’t change displays or turn stuff on and off. Just bypass authentication. Once.

That's what I thought

[Coldstone]

Oh wow, looks like some of the network stuff came up. Hullo again all.

I have re-read Ends too many times for my liking, but that has been because when I solve one question, I find myself with another, and I had a scary stint where I couldn't find a clear explanation of how the Matrix worked in basic outline. ^^; This was in part from trying to figure out things like zones, but also what levels of permissions you needed for matrix activity.

Anyways, that meant I was either having a really stupid brain moment (certainly not impossible since I went quite awhile without asking that question apparently). Or I was just so use to how regular matrix worked I never noticed I needed to ask the question.

But cause I want to try some input, I'll go backwards to what is going on.

1) Jedi Trick: Jedi Trick is meant to bypass a password or credential check - it is not meant to fabricate false data. A cyberware scanner is a lone device, it probably has a built in security password for someone otherwise wanting to do maintenance on it, but it may be designed to simply relay its results to whatever asks for it, and all the process is done internally, avoiding being connected to a network in general.

That said, it would still need a wifi signal to relay that data if it isn't jacked in, so you can still sneak into it. You would likely use a mixture of backdoor and Jedi Trick to sneak onto the cyberware scanner, then use Data manipulation (under computer skill) to modify the program to not beep an alert about detected parts and instead show a clean bill of health.

Offhand, as far as what does or doesn't ask for a password - with the way devices are made in the Ends, anything can be set to demand 20 passwords, but almost no one does it because how much it gets in the way of basic usage. Still, If it's important enough, even a camera can have security codes it asks for if it's deemed important enough (but if it's attached to a network, more than likely the password it wants is the one you used to get onto the network anyways).

2) The Matrix as a whole: I have concluded after a bit of annoying running around that, short of me somehow not reading a specific section 20 times over, the Matrix works like thus:

..... It's exactly like the internet the Real World uses today, but more powerful, with a lot more wifi, and more sophisticated.

So re-transmitters, thousands of miles of fiber optic cable, satellite links, your ISP - it's effectively what the Matrix is. At the most basic level that is exactly how it all works.

There's a lot of stuff I want to read over cause I enjoy the discussions, but I'm not sure what else to try and find and answer for yet. ^^; Plus i want to see if my thoughts about the Matrix are actually sensible or if I did make a Mega-derp.

EDIT: Also, I see the files for Ends moved a bit on Github due to stuff. My version claims it's 4.03, but the one I saw seems to mention 4.01.

[Lokathor]

Yes, sorry about that. For a while there was a version on GitBook but then they tried to move to this pay model and all that and I just wasn't having any of it, so now I've got a version on GitHub that's compiled from markdown into HTML via a program called mdbook which is super similar to how GitBook used to do it. Except now I don't have auto-generated offline download copies any more.

As to cyberware scanners, they're basically like metal detectors. There's a hand version you wave around until it beeps, and then also like a "doorway" version you walk though that lights up if it detects something. They don't need to be in a PAN to work, but they do need to be able to not have their wifi interfered with for them to send out their scanning signals. So since you can't cover them in wifi blocking paint, you'd probably put them into a PAN of whoever the checkpoint operator is (assuming there is one). It makes it a tiny bit more likely that they might notice if things are being messed with.

[Trill]

As to cyberware scanners, they're basically like metal detectors. There's a hand version you wave around until it beeps, and then also like a "doorway" version you walk though that lights up if it detects something.

Millimeter wave detection systems, also known as
cyberware scanners, process video taken in the millimeter
wave spectrum to identify the energy signature of cyberware
and concealed items (specifically weapons) on a person.
These devices can “see through” thick layers of clothing and
other concealment to identify items from a distance of 15
meters away. To determine if the detector scans cyberware
or a prohibited item, roll the Device rating and compare
the hits scored to the thresholds given on the Cyberware
Scanner Table. Millimeter wave scans can detect any non-
biological item by its shape and composition, assuming
the item is listed in the device’s database. If the threshold
is reached, the scanner detects the item/implant and notes
its general locations and type; additional hits provide more
detail (function, model, grade, etc.).

They are more those body scanner things at airports, that check your body out and if a shape is in their database they mark it on the picture. The sensor closest to metal detectors are MADs, which just go by "Is there something metallic? Y/N"

[Coldstone]

It is true if it's in a PAN you'd have a bit more work to do, but the concept still works. If it's running visual data, a Fabrication program might also work to fool it if you swap the data out, or some combination there of.

[Trill]

It is true if it's in a PAN you'd have a bit more work to do, but the concept still works. If it's running visual data, a Fabrication program might also work to fool it if you swap the data out, or some combination there of.

That's probably the best way. Get control of it and then fabricate the right data. Keep in mind though that nonsensical or strange data is going to rouse suspicion ("Why does the scanner show an elf with some cyberware when it's pointed at a dwarf? Something's wrong here")

[Trill]

So, just out of curiosity:
Who are your hacker characters?
What programs do they have?
What skills do they have?
How well have they fared?

[Kaelik]

Our group has "two" hackers and also someone else.

We have Shelly, a Technomancer with about 15 complex forms who always has a Flame, Flirt, Sentry, Archive, and Industry Sprite Registered and "merged" into her network. A thing we've been allowing to happen. Shelly usually rides in a car to the location so her 7/7/7/7 commlink network is always within range of her projection and she can therefore have higher stats than her natural fives.

(Though I've since realized that a mage with Spirits of Man and Improved Attribute Spells could just toss those one over and over with a couple Spirits of Man and Shelly could roll around with 9/4/9/9 anywhere her projection can reach)

She's done pretty well in that at least once she rolled well enough of Matrix Stealth to run 30 programs until she finally got master control of an entire set allowing the party to know every enemy location before anyone showed up, and then she crashed down the hacker and started death noting.

She also in a different mission deathnoted a mage, allowing our mage to run rampant in the Astral.

Also she taxmanned some ganger to find info so we didn't have to negotiate with or risk a shoot out with some gangers.

Then we have a formerly Decker who respeced Technomancer who once got into a system and discovered camera feeds of everything and identified exactly how long the party had before the kill team arrived.

But basically both of these miss half the sessions, and then we change the hacking rules after every week, so not sure how indicative any of this is.

We also have an intuition mage who uses Matrix Perception sometimes just to find what we are looking for and theoretically should have programs if no one else shows up.

Shelly has about 15 complex forms and between her and sprites has almost everything.

I have no idea what ElfGuy has, but he usually rocks out with like 4 Machine Spirits in Drones, so he's not hacking as much as rigging, but he definitely has some complex forms.

Back when he was a rigger/decker not a mancer he had Master Control and Backdoor at least, and I really have no idea what else.

Shelly has 5s for all mental stats, started with 6 Compile and 4 in all the other skills, now has 5s in Electronics 6s Cracking, and specializations for Matrix Stealth, Matrix Perception, Attack.

[Trill]

Would you allow your players to create custom programs?
If no, why so?
If yes, what guidelines would you use?

A player of mine asked if he could have his character create custom Programs. I told him that creating programs would probably be a longer task and that I'll think about it.

Pro:

• allows players to cover un-thought-of situations (e.g. the Dronehammer up the thread)
• gives players chances to create programs that suit them better

Con:

• Can lead to broken shit if not thought through completely
• have to explain why they never thought of this before
• might be used to alleviate need for better programs ("I'll just code me a similar program of a higher rating")
• No mechanics, at all. Have to basically make the entire rules for custom programs from scratch

On one hand I think the idea of the team hacker making custom programs for his own use is fucking rad.
On the other hand I can see how this will just instantly end in bullshit.

[Lokathor]

Yes, depending on program.

And you don't have to explain why no one thought of it before. Literally if someone asks just say "oh well" and move on.

[Trill]

So basically "Make a program, if I think it's fine you may make it, otherwise not"?
And even if so, what would be the best way to actually have him write it? Having him pay normally for a program he wrote himself seems weird, but so does just having a Extended Test on LOG+Software with threshold of "Who knows" and interval of "1 day or so?"

[Kaelik]

Use the rules for programming software. They already take so long that writing a new program is a 6 month affair at least.

[Trill]

Use the rules for programming software.

Can you point me towards them? Cause I don't see them in the PDF

[Kaelik]

Use the rules for programming software.

Can you point me towards them? Cause I don't see them in the PDF

On page 228 of the 4e A book is the coding software table.

Hacking programs have an interval of one month and a threshold of rating x2, which is not as bad as I remembered. But if you really have to devote say, 8 hours a day, to an activity to get to roll, that does mean 8 hours a day for a month that you definitely had other shit you needed to do.

If you want to say that designing a never before heard of program takes twice as long so two month intervals that would be more than sufficiently burdensome that whatever you can do after rolling after 2 months is fine.

[Trill]

On page 228 of the 4e A book is the coding software table.

Ah, I kinda expected that.
Not sure how applicable they are considering that EotM basically throws those parts out anyway, but at least they are something.
Thanks

[Trill]

Okay, so I've come upon a situation that doesn't seem clear whether or not it's possible, so I'll just throw something up and would like to ask you to run a sanity check on this:
The situation:
The players want to eliminate someone/have them out of the way. Their idea is to put up fake bounties/arrest warrants.

The basic facts:

• Bounties are basically pieces of information on the matrix that contain information on the person, the bounty and possibly the reason
• Bounties get their legitimacy and veracity from them being published on major law enforcement websites (usually one agency/corp will put it out and the others just mirror it)
• The bounty will most likely contain information on the group putting it out (for further information)

My current approach:

1. Players gather information on the target
2. Players hack the matrix page of a law enforcement agency (whether corp or governmental) by hacking into their network
3. Players upload the fake warrant into their current roster, without tripping the alarm
4. Depending on their success at creating the data the agency takes some time to notice that it isn't legitimate
5. If successful enough, the target will likely be harrassed by groups wanting the bounty and be distracted before the agency takes the fake bounty down

My questions:

1. I'm assuming that in the second matrix there still will be websites. Maybe not large search engines like Google or Yahoo, but normal websites should be available (both to market stuff and to distribute your own). Is this fine to assume? If not, what replaced websites?
2. I'm also assuming that to manipulate a website it isn't enough to just be on it. You actually have to be connected to the server that hosts the website (you have to go to the place whose website you want to hack). Is this acceptable? Would you be okay with this or would you want SQL injections to still be possible from your basement (although not much more that that)?
3. How hard would you make it to make a convincing bounty? Would you be fine with "correct info, looks similar to the others? passes"? or would you actually expect every small detail to go into scrutiny?
4. What do you think is a good length for the duration it stays undetected? This mostly depends on how often they do checks on such things. Is there someone that looks through all active bounties? Or is there just a script that checks once per week if new bounties are there?
5. The main question: Do you think this should be possible at all?

[Foxwarrior]

I suppose the consideration that stands out to me as most important is that someone has to be responsible for the bounty. The cop who put it up, or the accountant who's supposed to pay it, would probably at some point check that the bounties they're offering are the ones they meant to offer.
For small offices that are easy to hack, the person might check fairly often because it's a short list and they know what should be on it, while for big offices with good security I suppose there might be so much data nobody double checks before it comes time to pay, and maybe not even then.
(Doing it this way also balances out the part where you just hack one board and it gets copied to the others)

[Trill]

I suppose the consideration that stands out to me as most important is that someone has to be responsible for the bounty. The cop who put it up, or the accountant who's supposed to pay it, would probably at some point check that the bounties they're offering are the ones they meant to offer.

Okay, so the biggest part is to have it be unnoticed by the person responsible for it? Sounds fine

For small offices that are easy to hack, the person might check fairly often because it's a short list and they know what should be on it, while for big offices with good security I suppose there might be so much data nobody double checks before it comes time to pay, and maybe not even then.

Sure, let's go with that. So smaller office = easier to place in but lasts for a shorter time (useful if you know that person is very public and already known) while large office = harder to hack and place the bounty, but once it's placed it stays around for a long time?

(Doing it this way also balances out the part where you just hack one board and it gets copied to the others)

That is one assumption I made for why it gets noticed at all. Do you think it would be fine without the sharing? (i.e. only people checking that particular site will see the bounty)

[Lokathor]

Particularly in the context of EotM, smaller organizations should honestly switch to using paper for a lot of their long term storage.

Which is fineish, since you can do ninja missions to sneak into an office and replace the paper documents the same as you can do ninja missions to sneak in and replace digital files.

[Trill]

Particularly in the context of EotM, smaller organizations should honestly switch to using paper for a lot of their long term storage.

Isn't paper rare in Shadowrun?
Or am I mixing that up with some other Cyberpunk game?

[Trill]

Something a friend of mine noticed when I showed him EotM:
During the 4 Questions chapter one of the reasons for not stealing Credsticks left and right was:

Now this doesn't mean that the enterprising hacker can't steal money, just that they have to
steal it from a specific account by getting a hold of an actual credstick or commlink and hack
them to authorize the transfer of funds. However this is understandably dangerous, because
doing so still leaves a trail of money transfers on the hidden servers that the hacker is
probably in no position to do anything about. It is for this reason, that fraud of this sort is
mostly confined to spending sprees on relatively untraceable goods and services rather than
actually getting the money into one's own credit line.

and

than it is to hack a stolen
credstick to transfer money to the carpet supply warehouse and "purchase" the same rug
with money that may well be flagged as illegit in days, hours, or even seconds. For this
reason, personal credsticks are often left to lie by hardened criminals.

My questions are:
1) Who is it that flags that transaction? The owner? The bank?

2) What stops someone from transferring the money to a Certified Credstick first?

[Zaranthan]

The idea is thus:

1. You hack some schmuck's commlink.

2. You buy a rug with the hacked link. Have it delivered to a dead address you've got lined up in the barrens.

3. You pick up the stuff the same/next day.

4. The hack gets noticed by the wageslave you pwned. The money gets backtraced. The wageslave gets stuck with the bill because Empire Carpet has a better lawyer. You've still got your rug.

5. Hiring a private investigator to track the RFID tags in your rug is a lot more expensive than the amount you stole from the wageslave's account, so he just lets it go and signs up for a few overtime shifts.

To answer your second question, if you just do a straight transfer to a credstick, then the money's still there to be reclaimed, so it might be worth the wageslave's while to pester his HR department to get the money back.

The point is, if you spend the money to get stuff before anybody can track you down, odds are the stuff is worth less to them than it is to you, so you slip into the shadows and live another day.

[Trill]

3. You pick up the stuff the same/next day.

I'm not so sure about that
both because I can't imagine them working that fast or sending it into the barrens
and because it seems to go against the bolded stuff in the second quote (where it says that such things aren't normally done)
and against the fact that this would in fact encourage you to buy larger stuff and not just smaller goods that you get immediately

[Mord]

1) Who is it that flags that transaction? The owner? The bank?

The victim's bank would do the flagging. IRL, the way it works is that if someone attempts to use your credit card or bank account for a suspicious transaction, your financial institution's anti-fraud algorithms are your first line of defense. If those don't get triggered or if the hacker also has access to your verification mechanism, then it's up to you the victim to notice the fraudulent transaction on your account statement and report it to the bank.

In the good ol' U S of A, banks have to offer certain consumer fraud protections under the law, which obviously no longer applies in the Shadowrun future. However, widespread consumer fears about fraud and identity theft have resulted in banks competing with each other on identity protection and anti-fraud services. This wouldn't necessarily stop being true in the Shadowrun future, because as a consumer, I know that if I didn't have meaningful fraud protection services with Bank X, I would not want to put my assets in Bank X. The same logic applies to businesses too - if Shadowrun banks as a class really take a "lol fuck you" attitude towards fraud, that's going to have a serious chilling effect on their ability to lend. Megacorps wealthy enough to become their own banks will do so, everybody else will have certified credsticks hidden in their mattresses.

I think the most thematically cyberpunk solution here would be that you pay for fraud protection services and there are various tiers of pricing/effectiveness available, much like physical security or police services. Your bank would probably partner with a preferred vendor for these services, so if you were to review the sales pamphlets, you would see that the MegaBank "Plus" account comes with free "Basic" anti-fraud service from our partners at IdentiGuard (no annual fee if your balance stays above 1,000 Nuyen). You can upgrade to "Thermonuclear Deterrent"-grade identity protection for 10,000 Nuyen a month, or get it for free with the MegaBank "Hookers & Blow" account (annual fee 1M Nuyen, minimum deposit 100M).

There could be a whole little ecosystem of bottom-feeder crooks who get by on the couple bucks they can steal here and there from wageslaves' credsticks without attracting too much attention, and the anti-fraud guys working for the bank or its partners who hunt down and probably shoot any of the bottom feeders who take too big of a risk or accidentally cross a moneyed client.

2) What stops someone from transferring the money to a Certified Credstick first?

Nothing. These days the equivalent scam would be the guys who ask you to send them money in the form of Amazon gift cards or whatever because they're so much less traceable. Theoretically, in the future banks and gift-card-issuing merchants could get together to identify the gift card that was purchased with the fraudulent transaction and freeze it out or pull identifying info from the purchase history. I'd expect that that's the direction things are going today with your major retailers.

If you say it's possible to determine the hardware ID of the certified credstick that received funds from a fraudulent transaction, then an investigator could watch for any new transactions involving that ID; the Nuyen on that stick is basically marked money at that point - the thief would spend it at their own risk. If the Nuyen itself has some kind of blockchain technology or equivalent verifying the chain of ownership, that's even more useful for an investigator. At a physical level, RFID tags are pretty ubiquitous in Shadowrun future, so maybe it could be possible to even identify what specific physical goods were purchased with the fraudulently acquired credits on the certified credstick.

All that tends to push the setting so far that Shadowrunning stops being possible, because there's no medium of exchange that allows for untraceable payments to dangerous people for illegal services. It may be possible within the setting that transactions to and from certified credsticks could be traceable, but our first priority is a playable game.

Instead of the foregoing statements, you could instead say that there exist fly-by-night manufacturers of certified credstick hardware that are fully compatible with the banking network but are sketchy as hell and don't cooperate with inquiries from fraud investigators. Maybe some retailers push back against bank fraud investigators because they think it's too expensive or otherwise not in their interests to share data in that manner. Or, the fragmentary nature of the banking and hardware and retail databases involved might just make it too damn much trouble for anyone to actually trace a transaction like that unless it's for really big money that someone is willing to pay top dollar to get back. Or, there could exist certain organizations of privacy-minded individuals (a futuristic Tor Network kind of thing) that offer what amounts to a money laundering service, where you pass your "dirty" funds into their servers and what you get back has a totally different chain of ownership having nothing to do with you.

The wageslave gets stuck with the bill because Empire Carpet has a better lawyer.

Is Empire Carpet an A- or AA-corp in Shadowrun? Asking as a current wageslave there.