The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
[d20] Homebrew Elec. Warfare rules - SR style
Talonrazor
Registered User regular
Registered User regular
So, I need some suggestions. In my Novo Aether: Genesis d20 Future game, heavily inspired by Peter F. Hamilton and Shadowrun, I'm using an omnipresent wireless network, called the Uninet, that everyone is always connected to with augmented reality vision and built-in computer implants called Pearls. Since a lot of the game centers around electronic warfare using this system, I wanted to bring in Shadowrun's style of hacking. So I designed some homebrew rules for wireless eletronic warfare. I'd like to get some feedback on it and suggestions if you have better ideas on implementation or see glaring errors.
Just a quick note, ASNs are basically LANs, s-link is like bluetooth technology (it's what lets all eletronics be wireless) and a Pearl is a computer implant. Here's a quick rundown of the rules I wrote:
What do you guys think? I basically went through and tried to convert as much of SR's rules as possible. Any changes, suggestions or comments you have? Playbalancing issues? Also, if someone wants to adapt this for their own game, feel free. Thanks for the help!
Just a quick note, ASNs are basically LANs, s-link is like bluetooth technology (it's what lets all eletronics be wireless) and a Pearl is a computer implant. Here's a quick rundown of the rules I wrote:
There are a number of methods hackers employ in conducting activities. A proper freelancing team usually employs at least one good systems operator for their activities. These SysOps are skilled in at least a few hacking methods. Such methods are jamming, slicing and phishing. A good hacker or SysOp worth his weight also has some abilities to maintain his own system and node security.
Jamming-
Jamming is a communication disruption attack used to hinder communications, data networking and electronic systems. Usually used more in military or guerrilla combat then security hacking, an individual can attempt to jam s-link ports from accessing cyberspheres or even ASNs or other s-link ports. When jamming a personal s-link port two different attacks are used; barrier jamming and signal jamming.
Barrier jamming attacks are caused by a hacker righting a special piece of software that tries to prevent a certain ID from accessing a cybersphere. When a log request is filed by an ID to connect to a cybersphere the software overrides the cybersphere and denies the request. The advantage of this attack is that it can originate from any place on the Uninet. However, it can be easily avoided by simply creating a new s-link port ID. This requires certain technical knowledge and would cause a user to lose all the benefits they obtained from their previous ID, including communication. If a user did not list his name to the new ID, anyone trying to contact him would fail. Barrier software can also be destroyed by successful counter-hacking.
To conduct barrier jamming, a person must attempt a Computer Use check against the software's DC. Simple barrier software has a writing DC of 20 and can be destroyed by beating a DC of 15. Complex barrier software has a writing DC of 25, a destruction DC of 20. Advanced barrier software, DC 35, and is destroyed by beating a DC 30.
Signal jamming can either jam a certain area or a specific s-link port. Signal jamming occurs when an s-link transmits signal that interferes with a certain broadcast. A hacker can set his personal s-link to muddle the signal of a nearby s-link unit or to blanket the area with interference signals. While signal jamming prevents any transmissions coming and going and can't be defeated by switching IDs, it has many drawbacks. A very illegal activity, an s-link committing interference attacks can be easily pinpointed (by a source that isn't being jammed, i.e. a more powerful s-link unit). Also, most standard s-link ports are only able to jam a small area. For more widespread jamming, more powerful equipment is needed which, in turn, is more easily detected. Signal jamming is usually conducted by advanced equipment in military situations. While signal jamming is unable to be defeated by software, allowing whoever has the most powerful equipment to win, it is rarely used by hackers. To be truly successful, a person must both be in the area he wishes to jams and also obtain illegal, military-issue advanced equipment. Kaos software is much more popular option.
To attempt signal jamming, all an individual needs to do is load software the will cause his s-link to transmit interfering signal. If he wants to jam a certain s-link port, he first needs that s-link's specific ID then write software to jam it. When an s-link port is jamming, a person loses all communications and contact with the cybersphere, as his s-link is otherwise engaged.
Slicing
Slicing is an entry attack into a system, be it a Pearl, ASN or Uninet nodes. The entire point of slicing is to enter an otherwise restricted network and perform a variety of operations. Slicing is usually a very difficult activity, due to the sophistication of anti-slicing software. Those who focus on the complex task of entering a system are usually referred to as "slicers".
To slice a system a person must first bypass an s-link port. This can either be done by defeating the screening software or accessing a system by another means (usually a hardline directly into the system or forging an access code). Once a slicer has defeated the screen software, he must then avoid detection by pickets. These automated software constantly sweep a system for intruders or harmful code. If a slicer is detected by a picket program, it will attempt to remove him from the system in addition to flagging the designated administrator of the system. Additional defensive software may be installed, like confiners, which attempt to isolate a slicer’s access while pickets or security hackers try to remove it, encryption software and multi-tiered ASNs, requiring many sliced nodes before reaching the high-security files.
If the sliced system is a Pearl, a person can then attempt to remove the intruder himself (writing code to remove the slicer's own) or just darken his s-link port and reboot his Pearl, completely wiping out the intrusion. These same principles apply to other systems, which can have designated security staff that make the slicing all that more difficult.
To defeat security, a slicer must make a Computer Use check to defeat a screen’s DC. If they successfully bypass the screen's DC, they then can access the system. Every round, a picket makes a Computer Use check to sweep the system, using the slicer's check as a DC. A slicer can hide his slice by making another Computer Use check and using this one instead of his previous check. He must use this new check, even if it’s very low. He may take ten on this check.
If the slicer is detected, the picket software makes opposing checks with the slicer. In addition, the user of the system is alerted. This can range from an administrator, a security hacker or the owner of the electronic being sliced. The user can make his own opposing Computer Use checks independent of the picket software. A slicer can attempt to the shutdown picket software by beating a DC of 30, doing so will alert the user immediately however. A slicer can also attempt to destroy picket software using standard hacking rules. There is nothing prevents a system or pearl to having additional picket software; in addition most systems are programmed to instantly update their picket software if it goes missing or corrupt.
A slicer can also try to forge a passkey that will grant him a temporary access account, flagging him as a guest user. Such status will cause his session to be ignored by picket software, unless he trips system security. Almost every system requires a passkey to access it; these are hundreds of randomized letters that are almost impossible to copy. A slicer must also write the passkey separate from the system. Generating a successful passkey requires beating Exceptional security and the roll is made in secret by the GM. The slicer won’t know if his key will work until he tries it out…
A sliced Pearl is a major liability. A slice can copy personal information (which is usually encrypted), access communication, disable cybernetics or the user's AR, upload monitoring software or even commit mindscraping in an attempt to produce seizures.
Phishing -
Phishing is the monitoring of a system by external means only. It is passive eletronic warfare that is used for information gathering purposes. Phishing is almost always conducted on Uninet IDs and is the most common form of hacking. Phishing comprises of uploading monitoring software, usually running out of a node that logs all the activities of a certain s-link ID. It consistently pings the s-link port to see if it’s communicating to another s-link ID or entering cyberspheres. Phishing is used for data-mining, gleaning basic passcodes entered and software used. Phishing software tries to discern the point-of-origin of the s-link ID, the nodes it visits and the ASNs it connects to (such as a store's advertising compute or mass-transit systems). All of this information is compiled and compared for patterns and similarities, then presented to the hacker for analyzing.
Phishing can only be detected by its pings, which are often very weak and cleverly disguised. As such, phishing is difficult to identify and can only really be defeated by scrambling outgoing data. Scrambling isn't done by the majority of the populace and as such phishing is very popular. Phishing also lies in the gray area of the law, as it isn't typically done by illegal slicing but by passive external monitoring. Because of these shaky laws, phishing is done by many megacorps and marketing agencies to tailor advertisements to certain populaces.
Scrambling data jumbles up outgoing signals. Note that all communications, such as telling, audio and visual links from one pearl to another are all automatically encrypted. Scrambling is simply preventing phishing software from gleaning nodes visited, ASNs accessed and what cybersphere the ID is originating from.
Phishing software cannot intercept scrambled data. In addition, it cannot ping cloaked s-link IDs.
Software
Screen
Screening software is used to protect point-of-entry s-link ports. They prevent unauthorized access. Typical screening software that comes with every s-link port is considered average security. A hacker can upgrade it one level by making a Computer Use check (DC 20), doing so takes two hours. One can write his own screen software, average security requires beating a DC of 20 and taking one hour. Each additional level is +5 to the DC and requires another hour.
If screen software is destroyed the system will obtain a new copy. Doing so takes five minutes.
Picket
Picket software scans, detects and removes unauthorized sessions and malicious software. Average picket software has a Computer Use modifier of +10; each additional level adds +2 to its checks. Once picket software has detected an unauthorized session or an account committing an illegal action, it will attempt to terminate them by making opposing Computer Use checks. These accounts will also be flagged and administrators will be notified. Every round, the picket software will make a check against the session until the session is terminated or the software is destroyed. Due to its heuristic process, each additional minute the picket software gains +1 to its checks.
If picket software is destroyed the system will obtain a new copy. Doing so takes five minutes.
Barrier
Jamming software, barriers are inserted into an s-link’s connection to disrupt it. Simple barrier software can be written by a successful Computer Use Check (DC 20) in one hour and can be overcome by beating a DC of 15. Complex software takes an additional hour to write with a DC of 25, it has a deactivation DC of 25. Advanced barriers take three hours to write (DC 30) and a Computer Use check to deactivate (DC 35).
Cloak
Cloaking software hides an s-link ports ID or a session from scans. To detect a cloaked s-link ID, a DC of 25 must be beaten. If a cloak is used to hide a sliced entry, it provides +5 to the detection DC of the session. It takes a Computer Use check (DC 25) to write the software and two hours.
Confiner
Confiners try to isolate an unauthorized session, preventing it from accessing other portions of the system while pickets remove the infected code. Confiners make opposed Computer Use check against the hacker using a modifier of +10. If they succeed a hacker then must beat a DC of 30 to access any other portion of the system.
Kaos
Kaos software are extremely powerful and illegal programs that are designed to disrupt and destroy any systems that it can access. It spreads fast, aiming for total inference and disruption of an area. Kaos software are typically used when subtlety is not needed, like a smash-and-run or a full-out assault. An area infected by kaos software will suffer communication loss, static in ARs, loss of cybersphere connections, corruption of programs and collapse of firewalls.
A kaos attack is immediately noticed and it will start to affect s-link connections. Kaos software that has been dumped into the immediate vicinity will attempt to enter ASNs and other systems, causing them to overload and shutdown. It will try to jam all outgoing communications. Anyone within three hundred feet will suffer loss of cybersphere connection and interference in communications and some static in their AR. ASNs within the area will collapse under the massive denial-of-service attacks. Nodes that suffer a kaos software attack will collapse, terminating all connections and rebooting.
Any affected user or system must make a Computer Use check to retain its s-link connections (DC 35). Failure of this connection will result in a collapse of a connection. An attempt to reconnect can occur every round. In addition, any communications that use s-link technology is considered jammed, with a Computer Use check required to override the software (DC 30). ASNs that are affected also must shutdown and restart the next round. Each additional round, a Computer Use check (DC 25) is required to stay activated unless the s-link connection is severed. Systems that have hardlines are unaffected, however if they have an active s-link connection and fail a DC, then they are considered inflicted.
A kaos attack will attract the planet’s Department of Cybersphere Security or equivalent. After six rounds, the DCS will perform an area purge, rebooting all systems and s-link ports that are affected. It will also dump a massive amount of countermeasures into the area that will completely eliminate the kaos software attack in 1d6+1 rounds. Kaos software can be delivered by the Uninet to a specific regional location or node. Unless a hacker carefully covers his tracks, doing so will mean that the Uninet Security Council can locate the kaos software’s point-of-origin and turn the s-link ID over to the local DCS. Using kaos software is usually a three to six year jail or suspension sentence with fines ranging to hundreds of thousands Colonial dollars.
Writing kaos software requires a Computer Use check (DC 45) and takes up to three weeks of work. The software is a one-shot software and can never be reused.
What do you guys think? I basically went through and tried to convert as much of SR's rules as possible. Any changes, suggestions or comments you have? Playbalancing issues? Also, if someone wants to adapt this for their own game, feel free. Thanks for the help!
Talonrazor on
0
Posts
Why do you need these rules?
Why did you decide to use D20?
Why did you base them off of Shadowrun and Hamilton?
How does your choice in system reflect the source material?
What role will these rules play in the campaign?
I can tell you right now that this makes Computer Use a lot more useful. Whether this becomes unbalancing depends on how their used.
All your answers are reflected in my game thread, Novo Aether. We tried out the rules tonight and they work spectacular. Jamming and slicing was prevalent and it really expanded our techie roles. We'll be using them and I'll probably see about expanding them as time goes on.
As far as Fuzzball's rules go;
The rules are necessary because the setting is a d20 Future game, which doesn't handle straight-hacking very well (it's not really ever brought up).
We're using d20 for the rules because the game they're being used in is a d20 game.
I dunno so much number 3, but I believe Talon's view for the computer networking of his setting is based heavily on SR.
I dunno.
These rules are working to make characters like mine or Aivas, who are both very technical characters, have some role in encounters where we'd otherwise be unhelpful. It also allows more in-depth computer use than just 'I want to hack it' 'Okay roll.' >>
Sorry, as soon as I saw Peter F. Hamilton had to get out of the thread before the rapes started.
Hey, that guy's science-fiction work may not be oh so pretty but I love 'em. His technology is pretty close to Shadowrun's, plus the books are massive. I like big long epics so the guy's a great way to waste a few hours. And I'm not looking for a critque on possible idea sources, I'm looking for a critque on the rules, ok?
Ok.
What I'm really concerned about is if the DCs on most of the checks and software are set to a level that provides fair play-balancing. Or if anyone has any additional ideas to fluff them out a bit more, I'd love it.
Salt's right on all of his answers. I actually wrote these rules with Shadowrun open in front of me, trying my best to translate it (loosely) to d20. That's pretty much their entire point.