The protagonists of the 1995 movie Hackers.
Getting ready to hack the Gibson.

I recently got into a forum discussion about hacking in cyberpunk tabletop RPGs, as one does. This one was mostly centered around Shadowrun, and it touched on a lot of the reasons why one might want to play without a hacker PC even when you want to feature hacking in your game. It also got a bit into edition arguments, as it often does.

Shadowrun’s problems are more or less universal to the genre, as mentioned in the other post linked above. The first three editions go heavy into the whole Gibsonian VR Dungeon aesthetic and suffer from the classic problems from that approach. It’s also very inspired by how 80s mainframes worked, and rules aside it all made so much more sense to me once I realized that.

The fourth has something that visually resembles Ghost in the Shell or Cyberpunk 2077, where the hacker follows along with the group and hacks a series of smaller devices using an augmented reality interface. My recollection is that this is supposed to be faster, but the discussion in question had people complaining it wasn’t.

Cyberpunk-the-game is similar, with CP 2020 going in fully for VR dungeons, and CP RED going in for smaller localized servers that are also supposed to only take a small series of rolls to solve instead of an hours-long minigame. They’re are much less inspired by reality than Shadowrun’s (though this is of course not a knock on them, merely an observation).

There are also more recent games that try to either capture the nostalgic feel of old-school cyberpunk or to express the same themes in a more modern way. I’m thinking of Neon City Overdrive and Hard Wired Island, respectively. I’m not very familiar with them yet but I intend to change that.

And then you have GURPS, which has a few hacking systems of its own depending on which genre you’re talking about. The ones I’m interested in are the one from Pyramid #3/21, which emulates classic cyberdecks-and-mainframes hacking but could also work for GitS-style shenanigans, and the more streamlined one from GURPS Action.

And I kinda want to see if they all match the memories and impressions I have of them. Let’s try them all!

Hackathon Scenario and Rules

Picture a team of flawed but stylish urban mercenaries composed of a hacker, a sneaky talker, and a pair of sneaky bruisers. They’re on a mission to take down a corrupt and racist businessman, and they learned a company he owns stores the sort of evidence that can’t be ignored by the government: proof of rampant embezzling and tax evasion, in both digital and hardcopy forms.

Our mercenaries are going to infiltrate a small, single-office company, one of the many owned by the target. It does do legitimate business but also serves as a “stash” for records about the target’s illegal activities. Secret ledgers, blackmail material, and so on. Some of this lives in the company’s computer system, some of it is stored in hardcopy in a “records room” whose access is restricted to normal employees.

Employees and other authorized personnel can wander the legitimate business area of the office freely, but the “records room” can only be accessed by a small group of people who work directly for the target and drop by occasionally to use it. There’s a back entrance with an electronic lock so that these lieutenants can get in and out outside of business hours and/or without bringing too much employee attention to themselves.

The records room is watched by a camera and protected by an alarm that triggers if a stranger or even a normal employee tries to get close to it. There’s a small guard shift here during the day which increases at night. The guards know who the lieutenants are, and their duties involve keeping everyone else away from the room.

The office’s computer system will be different in every game. In all of them it’s supposed to be small but with tighter than expected security, because of what it hides.

The team’s mission is to infiltrate this office, steal all the evidence, and if possible drain the company’s accounts on the way out, because at the end of the day ya still gotta eat, chummer. Here’s how things are supposed to go, with a greater focus on the hacker’s part since this is what I’m interested in:

First, the team enters the building disguised as a maintenance crew. We’ll assume this part succeeds, giving them limited freedom of movement inside the office.

Next they must enter the records room. For them to be able to do this, the hacker must turn off a security camera and an alarm.

If the previous step succeeds, the hacker must locate and steal the target data from the office’s computer system. Technically, the best strategy would be to steal the evidence first and only then drain the accounts, but our hacker will do things in the order in which they run into the corresponding locations. The lure of money is strong when the account is right there.

Finally, the hacker must unlock the back door so the team can leave. Ideally they will do so quietly and with no one the wiser, but this could happen in the middle of a firefight. Possibly one caused by the hacker triggering an alert in the computer system.

For each of the following systems, I’m going to stat up a hacker character and a computer system that conforms to that game’s paradigm and rules. And then I’ll roll through the target session while timing how long it takes me.

  • Shadowrun 1st Edition

  • Cyberpunk 2020

  • Shadowrun 4th Edition, 20th Anniversary.

  • Cyberpunk RED

  • Shadowrun 5th Edition.

  • Neon City Overdrive

  • Hard Wired Island

  • GURPS Action with the Pyramid #3/21 system, both in “classic” and “modern” modes.

  • GURPS Action with its own system. Not sure this can accommodate the scenario, but we’ll see.

I’m using this particular list because those are the books I happen to own at present. I’m not sure if I want to spend money to acquire the hacking systems used in Shadowrun 2nd and 3rd Edition, though I do remember they are notably different from SR1.

The hacker and their equipment will be at roughly starting character level for each game, possibly with a slight tweak or two, and the challenges faced should be challenging but not impossible for the hacker. Whether the target devices are separate or part of the same single “target system”, and whether the hacker is even with the physical team, will depend on the system in question.

I have more practical experience with some of these systems than with others, but I will be studying all of them to ensure I do each run “right”. Preliminary study doesn’t count towards the timed session, but consultations that happen during the actual run do, because I’ve never been in a session where people didn’t have to consult the books for something like this.

I’ll be writing a lot of stuff down during the actual run, but I’ll try to be as brief as possible there. It’s still going to take a bit more time than doing it verbally, but I think it evens out because there will be no table talk or extra player questions getting in the way. I’ll write wordier summaries after the run is done, and these are the ones that will see publication.

All rolls will be made on Orokos, but I’m not going to save them and will just report the results in the article.