Posts

• Nov 3, 2023

  The Great Tabletop Hackaton: Cyberpunk RED

  

  In this post we’ll take a look at Cyberpunk RED, the current edition of Cyberpunk-the-game. It’s meant to be the followup to Cyberpunk 2020, and in a nice bit of synchronicity it was published in 2020. It’s kind of a companion piece to the Cyberpunk 2077 computer game, since according to the foreword the two works started being made at around the same time.

  CP RED provides what the critics of previously attempted 2020 sequels most wanted: more of the same. It takes the 2020 setting forward to 2045 by essentially doing a copy-and-paste on the timeline to extend it, so you have a new and improved ecological collapse, a new and improved corp war that leaves plenty of cybered-up veterans, and so on. Of course, it’s not an exact copy and a lot of things are different, but the tone is almost exactly the same as 2020.

  One of the things that underwent a big change was the Net, which we’ll look at now.

  Setting Overview

  The Net of Cyberpunk RED contains about the same amount of space magic as its 2020 ancestor, but it looks different. Somewhere around 2023 or so, iconic netrunner Rache Bartmoss releases a bunch of data-destroying rabid AIs into the old Net. They do so much damage that the authorities who oversee the old telecom grid decide to shut it down entirely, in the process undoing the spell that made the use of virtual reality possible.

  Nowadays there’s still the notion that the Net is a parallel dimension, but it’s a dangerous and fractured one. Each city has their own small Net realm, isolated from the world by firewalls, and in between you have the wild and wooly domains of rogue AIs and demon programs. Why do we need firewalls to keep them at bay if there are no physical lines connecting them to us any more? Shut up, that’s why. Any similarity between this and Shadowrun’s deep astral planes is probably a coincidence, which is kind of a waste in my opinion.

  Inside the city nets, someone came up with a new spell in 2035 that once again let people see the virtual aspect of the Net in a simplified form. Now you can put on a set of “Virtuality” goggles and see the parallel dimension of the Net overlaid over the physical world, with every connected object having a corresponding icon. The main difference here is that more things have icons, and you can no longer leave your body behind.

  Standard users mostly use the city nets through devices called Agents, which are a bit like slightly smarter smartphones. They can use these for pretty much everything we’d use the Internet for, except that they’re just accessing the local city net.

  Hackers are still called netrunners, and they still use cyberdecks. The servers they hack are named Architectures, and can represent any device complex enough to be the target of a netrun, not just mainframes. Due to the even stronger “parallel dimension” metaphor here, you can only hack an Architecture if you’re within about six meters of one of its physical access points. Netrunners can no longer work from home. Devices not complex enough to warrant an Architecture (including Agents) can be tampered with using electronics skills.

  Mechanics Overview

  Hackers are still named netrunners. To do their job they need the Interface skill, interface plugs, “Virtuality” glasses and a cyberdeck. Cyberdecks in RED look like their portable ancestors in 2020 and come in three generic tiers that differ by the number of Option Slots they have (5, 6 or 7). Each Option Slot lets you install a program or hardware expansion in your deck. Decks are not uniquely expensive - their prices are in line with other types of specialist gear in the book. Once you earn more money you can perhaps buy an armored jumpsuit with a deck compartment that gives it an extra slot.

  Most actions you can perform in a netrun can be done with the Interface skill alone, including a basic attack. The roll is almost always 1d10 + Interface against a difficulty set by the Architecture you’re hacking. Programs come in three categories: “boosters” that can give bonuses to some of those basic rolls, “attackers” that act as better weapons than your basic attack, and “defenders” that reduce or negate damage while they’re active.

  Netrunning happens faster than physical combat. Characters only get one “meat action” per turn, but netrunners get a number of “Net actions” proportional to their Interface skill. Some net tasks require meat actions, but you can’t use net actions to do physical tasks. Programs that need to be actively used take a net action to activate and can only be used once per turn, so there’s an advantage to having multiple copies of the same attack program loaded. Controlling a physical device takes a Net action, but each device can only perform one action per turn as well.

  Architectures are relatively abstract and modeled as tables. Each row in the table is a level in the architecture, and it contains one thing. That thing could be a file, a controllable device, or a security program. Netrunners start at level 1 and can move down one level at a time. They don’t know what’s in a level until they get there for the first time, and possibly pass some tests to analyze the thing they find. If it’s a security program, it will prevent them from descending further until dealt with. The stuff they want to steal or sabotage tends to be in the middle or lower levels of an architecture, protected by a few security layers. They can move through already-explored layers freely.

  Security programs range from password barriers to Black Ice, which is very dangerous and can move through the architecture to chase a netrunner. It’s pretty much a monster that you need to fight or die trying. Netrunners can also run Black Ice from their decks, and order them to kill other netrunners or programs in combat, but they take up 2 slots instead of 1. Black Ice tends to attack right away - forget stealth for the most part.

  Another type of security program is the Demon, whose main purpose is to control physical devices like turrets, drones, and traps to fight intruders. They’re relatively weak at Net combat, but it’s hard to find and destroy a Demon that’s shooting at your meat with a pair of heavy machine gun turrets…

  Run Parameters

  I don’t think there’s a ready-made sample netrunner in the book, but the book does include all we need to generate a quick-and-dirty one so let’s do that. I think I do have some supplements that might have suitable ready-made Architectures that fit our purposes, but if they do not then we can generate one.

  Our Netrunner: G0blin Jr., daughter of G0blin.

  Proudly carrying on the family tradition. Lazy but lucky.

  INT 7 REF 6 DEX 7 TECH 7 COOL 6 WILL 3 LUCK 6 MOVE 5 BODY 6 EMP 5

  HP: 35 Death Save: 6

  Cyberware Capacity: 14/60

  Skills

  Interface 4. Other stuff from the Netrunner Street Rat Pack as it becomes relevant.

  Cyberware

  Neural Link, Interface Plugs, Shift Tacts.

  Equipment

  • Very Heavy Pistol with 30 rounds
  • whole-body Light Armorhack (SP 11)
  • Agent
  • Cyberdeck (7 slots)
  • Virtuality Goggles
  • Programs: Armor, Sword x 2, Worm, Eraser.
  • Clothes.

  Our Target Systems

  As for our target system, I could have made a single architecture for everything, and the examples I have here kinda point in that direction, but I really feel like this would benefit from the same approach as Shadowrun 4th Edition.

  So we’ll have three Architectures here. One for the office network, one for the security server, and one for the secret server. All individually small, but the latter two with somewhat elevated security for their size. I’ll use the random generator to help me with this.

  Office network is Basic and has 7 levels, Security server is Standard and has 9 with a branch, the secret server is Standard and has 6.

  Office Network:

  1. Password DV 6
  2. Skunk
  3. Asp
  4. File (DV6) - Worthless
  5. Password DV 6
  6. Wisp
  7. File (DV8) -> Accounts

  Security Server

  1. Skunk
  2. Password DV 8
  3. File DV8 - logs, worthless
  4. Hellhound, Killer

  Left Branch

  1. Control DV8 - Camera
  2. Control DV8 - Alarm Sensors, as Camera.

  Right Branch

  1. Skunk
  2. Asp
  3. Control DV8 - Door

  Secret Server

  1. Password DV8
  2. Skunk
  3. Wisp
  4. Hellhound
  5. File DV10 - The Evidence
  6. Killer

  We’ll soon see how Junior manages these systems. I relied more on the random generator here than on my own judgment, it might be that this ends up being too hard.

  My predictions are: since there is a lot of black ice in there, we’ll see plenty of combat, but I also expect this to go fast. Either Junior kills everything and completes the objective, or she dies fairly early while hacking the security server. Probably while fighting the Killer/Hellhound duo.

  If the worst happens, I’ll adjust the difficulty down a bit and try for a successful run, timing how long that took.

• Oct 31, 2023

  The Great Tabletop Hackaton: Shadowrun 4th Edition, Part 2

  

  After setting up our parameters in the previous post, we start the run here.

  I actually ran this one a couple of times, because it took me a bit to fully internalize the rules. My main mistake was assuming I was familiar with them already and only reading them superficially to “refresh my memory”. This made me get some crucial basic facts wrong, causing my first run to be really fast but incorrect.

  So I made an additional run where I tracked the die rolls accurately and got detected in one of the hacks. Then I read the rules outside of the Matrix chapter more closely and made another one where I spent Edge more wisely and accomplished all goals without being detected. I’m referring to these as the loud and silent runs. They are recorded below as a single account with notes on how they diverge.

  Diff-merging Timelines

  Our hacker enters the building with is team. They get past the reception as usual, receiving temporary badges. Once inside, he feels a “sudden” need to go to the bathroom, and locks himself inside a stall. He spends a couple of turns scanning for the badge’s wireless signal, and finds it.

  He then tries to hack into the badge, still using AR because it’s a fragging’ badge. He succeeds quickly. As expected the badge can’t do a lot, but it knows how to talk to the security server and now so does the hacker.

  Our hacker then switches to VR and goes hot, after bracing himself so he doesn’t fall down in the stall. He tries to get himself security-level access because he knows from examining the badge that user-level accounts do nothing in this server.

  This is where our timelines diverge. In the loud run, he gets in but also gets detected. The server issues a restricted alert against his persona, triggers the Blackout ice, and pings the guards. Restricted alert means the server’s Firewall increases by +4 against the hacker.

  The hacker and the IC go into cybercombat, with the hacker winning initiative. Cybercombat here resembles the SR1 version a bit, though the exact things you roll are different. With the expenditure of a couple points of Edge, our hacker manages to destroy the ice at the start of the second combat turn, without suffering any trauma to his brain meats. Still, in this timeline the guards are suspicious of the team.

  In the silent run, luckier rolls let the hacker in without being detected.

  In both, the hacker manages to disable the camera and alarm, letting the team move into the records room. While they perform a physical search for hard copies, our hacker jacks into the secret isolated server and goes into hot sim VR again. He manages to get in undetected, though in the silent run he has to spend the Edge he didn’t spend in combat to do so.

  I rule that finding the files requires no tests, as this is only a single node and the existing data search rules are for searching the Matrix.

  Still in the records room, our hacker decides to be daring and hack the office network in search of those drainable accounts. This network has a wireless signal covering the whole office and is quite visible, so he gets right to it.

  At first, our decker easily hacks himself a user account. From there he runs a data search on the network’s user directory to find the one who has access to the bank accounts, and then attempts to gain access to it. I give this a low Threshold because it’s a small intranet.

  Finding the accountant’s profile, the hacker attempts to hack into it. That’s like starting from scratch, this time going for a security account. Again the hacker manages to get in undetected, and again in the silent run he needs to spend Edge to do this.

  Draining the account requires no additional rolls. And since our hacker retained his account at the security server, unlocking the back door requires no rolls either. Of course, in the loud timeline there’s a very high chance that they’re doing this during a firefight, as the guards are extra-suspicious and would have known to check the records room…

  The loud run that had cybercombat and an alert took 31 minutes. The silent one took 17.

  Run Analysis and Impressions

  This system is my personal favorite so far, and I had to actively keep myself from adding little cool bits that kept appearing in my imagination, because I’d otherwise would have found myself running an entire solo adventure, controlling the whole team and imagining dialogue in my head.

  Having “my” character be present with the group certainly helped stir the imagination, because he wasn’t sitting pretty at home. I had to think about how he navigated the physical site with the rest of the group, and from where he’d jack into VR to avoid suspicion, and so on.

  I do love that the system was very fast compared to the other ones so far, but I wonder how much of that is down to the design of the target nodes. I’d love to hear about how people design their own adventures.

  We can see how Shadowrun’s system still favors silent runs here. Cybercombat against even a single instance of ICE takes a while to resolve, and the more of it there is the longer the run will take. Careless hackers could easily find themselves having to deal with multiple ICE cubes at once, perhaps even in different hosts, and that will drastically lower their chances of success. More advanced rules let hackers run their own agent programs, which helps fighting the icy hordes but makes things take more real time to solve.

  That said, let’s see how our sample runs here fit with the physical team’s.

  If we again assume the physical part of the run takes 50 minutes for a perfectly stealthy team and 90 minutes with a firefight on the way out, then it’s also possible to correlate our diverging runs to each of these scenarios. The perfectly sneaky run would mean a perfectly sneaky hack. The loud run would almost certainly be caused by that alert we got, unless our talker was amazing at their job.

  So, in the more common silent/silent and loud/loud scenarios, our hacker took up around 25% of the total session time, which is pretty close to ideal in a four-player party. In an anomalous loud hack/silent run scenario, they take up a little under half the run time. And in a silent hack/loud run situation, they take around 15% of the time hacking the objectives and can spend the rest of their spotlight time helping out in physical combat.

• Oct 30, 2023

  The Great Tabletop Hackathon: Shadowrun 4th Edition

  

  For this post we’ll be using Shadowrun 4th Edition, published in 2005. More specifically, we’ll be using the 20th Anniversary core book published in 2009, which uses the same base rules as 4th Edition but incorporates errata and some material that was previously published in supplements.

  Setting Overview

  If Shadowrun 1e’s Matrix was inspired by 80s mainframes, then 4th edition’s is inspired by the Internet as it was in 2005, plus some reasonable extrapolations of things that were in fashion among futurists then but didn’t necessarily pan out in the following decades. It does end up looking a lot like what we actually have here in 2023, with a few important differences.

  Instead of being built around high-speed cell towers, the mobile Matrix is a ubiquitous wireless mesh network. Individual devices in a mesh cooperate to route its network traffic without the need for central coordination.

  The Internet of Things was also in fashion, so every object that could possibly have a use for built-in computing and network capability has that capability. Most of those devices are fairly limited, but computer hardware is apparently so cheap and standardized that many of them have unused capacity that could be repurposed by a clever hacker. One example is someone converting cheap appliances into mesh routers to to bring connectivity to a “dead zone”. It’s also easy to turn off a device’s wireless capability with a simple command or in some cases a physical switch.

  Almost everyone carries a commlink, a device that’s equivalent to a real-world smartphone in form factor and usage. They often connect to a variety of peripherals, more limited devices that are built to talk to commlinks and not to the wider Matrix. These range from augmented-reality glasses to that smartlinked gun your character owns. A big server of the sort that’s the target of a hacking run is called a nexus. I will just say “server” instead.

  Augmented Reality is a big deal here, with most things connected to a mesh having some sort of AR presence, and general interaction with your commlink and the Matrix happening through AR interfaces. If you can use AR to help with your current task you gain a bonus to the roll. Examples include finding your way around town with that handy videogame-style minimap, overlaying a blueprint and instructions over the thing you’re fixing, firing a smarlinked gun, finding someone in a crowd when you have a face-recognition database, and so on. One can also choose to go “full VR”, which more useful for certain applications (mainly hacking).

  Secure facilities of the sort shadowrunners are hired to break into have internal mesh networks. They use tactics like limited signal ranges and radio-blocking paint to keep their signal contained to the physical space they service, and might not be connected to the wider Matrix at all. In some the paydata is going to be in a server that’s only accessible via wired connection or even via its own terminal. While sometimes it’s still possible for a hacker to work from home, they will most often have to hoof it alongside the rest of the team and take on devices and intranets as they come.

  Just like it happens with Shadowrun 1e, a lot of criticism of this model comes from a mismatch between the person’s understanding of the modern (2023) Internet and the model they used to build the Matrix in the books. It’s a bit worse here both because of the usual edition warrior shenanigans, and because the differences are more obscure. On the bright side it’s a lot easier to change the explanation behind the Matrix to a 2023-current one here than it would be to do the same to Shadowrun 1e’s 80s extravaganza.

  Mechanics Overview

  Hacker characters are called, well, hackers. They use powerful commlinks and a suite of specialized software to hack mesh-connected devices. Most often this means some peripheral or commlink-level device like a camera, alarm, door or handy pieces of scenery like unattended cars and other things that can be used to ruin an enemy’s day. It can also mean hacking into a big nexus to steal data and generally do the same things you could do back in SR 1. All devices are described by the same set of attributes, and use the same types of programs.

  Stuff like memory, storage, file sizes, and download speeds are still considerations in the fiction, but they don’t get detailed rules. Unless the GM judges a given chunk of data is too large, you can download it in one turn and store it in your commlink. Some really huge files might take multiple turns to download or might not fit your storage at all, and the GM decides when that’s the case based on common sense. You don’t need to worry about storing your run’s paydata, but you also can’t try to get cute and download the entire public Matrix into a talking teddy bear.

  Hacking a device means obtaining illicit access to a user account inside it. If you have set of legitimate credentials for your target account then you don’t need to roll anything. Otherwise you can gain access by either probing the device over a period of hours or days, or by hacking on the fly. The latter is an aggressive approach that happens in combat time and carries a much higher risk of detection.

  Hacking can be done in AR or VR. There are several advantages to doing it in VR, and even more for doing it with the safety limiters turned off (a condition known as “hot sim”). Hot sim is the preferred way to hack important nodes, but it also leaves you vulnerable to lethal damage from Black Ice.

  There are three types of user account. Standard accounts can view and mess with their own data and perform basic functions of the device. Security accounts have access to more sensitive functions and thus are more protected. And administrator accounts are the most protected and have full control of everything. Individual nodes in adventure descriptions should also include a description of which account tiers they support and what those let users do.

  It’s also possible to use a technique called “spoofing” to send single commands to nearby devices by pretending to be someone who’s authorized to do so. This is probably what you’re going to use for one-off environmental fuckery.

  There is no Hacking Pool here, but all characters can spend Edge to boost any roll by doing things like rerolling failed dice.

  Run Parameters

  For the first time in this series our Hacker will be joining the physical team on-site. In this game, it’s common for a site to have more than one server, and for the really important ones to be isolated from the outside Matrix. This means the servers containing our main mission objectives can’t be hacked remotely.

  As usual the core book provides us with a very handy sample Hacker which we can use for our run. This one’s an ork dude with an implanted commlink with all attributes at 5 and a full set of programs whose ratings vary between 2 and 5. His skills vary between 4 and 5 too. He’s better at sneaking around than at cybercombat, so we should take care not to trigger any alerts.

  I don’t have a ready-made target site for him to hack, but I found this free document with some example sites and I’m going to take inspiration from this, from the SR1 mainframe, and from what little I know of real life to design a target network. Here it goes:

  This company has a public site but that doesn’t get stats here because it’s hosted in some cloud provider elsewhere. It has an internal office network for its day to day business, separated from the Matrix by a beefy firewall. The firewall node is also not relevant to us because we’re hacking the site from the inside.

  We’ll treat the entire office network as a single node: System 4, Response 4, Firewall 3, Analyze 2. User-level accounts allow each user to perform their daily work. The company’s accountant has a Security account that can access and manipulate the company’s money, and we need to breach it in order to steal that money. The network’s standard ice has Pilot 3, Analyze 3, Attack 3, Armor 3, and triggers when the node detects any unauthorized access. There’s another piece of ice here (Pilot 4, Analyze 4, Stealth 4, Track 4) that gets activated if the system detects unauthorized access to the security-tier account. It tries to trace the intruder’s connection and notifies the authorities when it succeeds.

  Separate from the internal network, there is a security server in charge of alarms, cameras, badges and lockable doors. User accounts in this server let employee badges open some doors, but not the one that leads to the record room. Security accounts let their user operate alarms and cameras. The security server has its own wireless signal that covers the entire office, but it doesn’t connect to any other server and accounts on other hosts aren’t valid here. We want at least a Security account to perform most of our objectives. If the hacker is on site they might also try to spoof the individual devices.

  The security server has System 4, Response 4, Firewall 4, Analyze 4. Its ice, which activates when an intruder is detected, has Pilot 4, Blackout 4, Armor 4. Any guards currently connected might also be alerted to the intruder. The server operates in hidden mode, so our hacker needs to find it before trying to hack it.

  Cameras, alarms and doors attached to the security server all have Device Ratings of 3 and can be individually hacked or spoofed. Employee badges have Device Ratings of 2. All are subscribed to the security server.

  The secret file server containing the evidence is located in the records room. It has no wireless interface at all, only a cable jack and a physical terminal. It has the same stats as the Security server: all stats at 4 plus Analyze 4. Its ice has Pilot 4, Black Hammer 4, and Armor 4, and is of course illegal for the target to possess. It has only security and admin accounts.

• Oct 28, 2023

  The Great Tabletop Hackaton: Cyberpunk 2020

  

  For this post, we’ll be using Cyberpunk 2020 Version 2.01, published in 1993 if I understood the copyright notice correctly. The original edition of Cyberpunk was from 1988. Cyberpunk 2020 came out in 1990, and this version only adds minor corrections on top of that. I’m given to understand the rules themselves didn’t change much from the original edition.

  I used to own a physical copy of this corebook back when I was a teenager, so I also get a bit of cozy nostalgia for looking at the PDF of it now, but I would definitely not play it as written today.

  Setting Overview

  The setting’s global network is called the Net, or sometimes the NET in all caps. I’ve heard claims that it doesn’t take inspiration from Neuromancer, but the description I’m reading here leans as much into Neuromancer imagery as Shadowrun’s.

  Hacker characters are called Netrunners, and they use devices called cyberdecks that range from the size of a desktop workstation to the size of a paperback book, with a lot of plugs for neural interfaces and data lines but no built-in keyboard or monitor. Decks all have the same starting stats, but smaller and more portable models are more expensive. The most expensive deck is the only one that has a built-in cellular modem. All the others need to jack into landlines or directly into target devices.

  The most expensive decks are cheaper than a subcompact car, and they get much more affordable if you give up that cellular modem. However netrunners are still a specialized niche because Cyberpunk 2020 is a class-based system. Netrunner is a specific class (or “Role”), and only they get the Interface skill that’s used for hacking.

  While Shadowrun’s Matrix uses mainframes as the “backing” for its sci-fi chrome flash, behind CP 2020’s flash is yet more flash with a dash of space magic. The overall Net still works kinda like a phone grid, but the book works very hard to make the reader see it as, effectively, a parallel dimension. Back in 2014 some researchers effectively cast a spell over the telecom grid and turned it into a “conceptual space” where each phone line and connected device is located in a point analogous to its physical location. When you connect to the Net you form an “ICON” (all caps) representing yourself at the point of entry, and accessing other servers means making that ICON actually travel the distance between its entry point and the destination. If you’re in Night City and your destination is in Japan, there’s no way to reach it except hopping into a Long Distance Link and flying over the entire Pacific Ocean.

  There are serious musings about how the “empty space” you fly over while traversing these links is teeming with unindentified greeblies because every computer is on the Net by simply being turned on. If it doesn’t have a connection, it’s still on the Net, it’s just unreachable from the telecom grid. Adding new connected systems “physically increases” the size of the Net, and you could extend it to space by launching a server in a spaceship.

  Mechanics Overview

  There is a lot of talk about local and regional telecom grids, much like in Shadowrun, and a big emphasis on paying your phone bill for your home landline or cellular modem, because CP 2020 never loses an opportunity to joke about militarized debt collection squads.

  The main reasons to run the Net are to provide support to a physical team, and to recover data from a target server. We can surprisingly already see the image of the netrunner who stays together with their team here and hacks a series of remotely controlled devices, doing stuff like controlling robot cars or opening doors without having to do a full run. However only some PCs will be able to do this out of the gate, since they might not have the cash for that cellular portable deck. Oh, and this is an 80s cell, so moving too fast will break your link. No 5G for you!

  For those who can, there’s a series of control programs designed for different types of device. Anything that can be described as “computer controlled” can be hacked this way if the PC has the appropriate program, since due to SPACE MAGIC, everything computerized is automatically in the Net. There are also programs for remaining hidden, getting past barriers, and attacking both other programs and other people. Everyone is going to want these even if they’re using a desktop.

  The netrunner’s Interface class skill is required to run the Net at all, but is not used for all netrunning tasks. Its main use is in combat against security programs (IC, “ice”) or other netrunners. Due to the way the character creation system works it also determines your starting money.

  The kind of server you expect a netrunner to hack is called a Data Fortress. It vaguely resembles a mainframe, but as the name implies it goes all in on the VR Dungeon aesthetic, even harder than Shadowrun did. You’re not moving through an abstract representation of a mainframe, you’re crawling an actual dungeon-like structure drawn on a 10x10 square grid. It has walls, gates, and security programs acting like wandering monsters, and memory banks that work like treasure chests. They have CPUs that act like brains, and give them an INT score and possibly skills that are useful both in its day-to-day operations and when fighting netrunners. A Fortress with an INT of 12 or higher (which requires 4 CPUs) is a sapient AI and has a personality.

  Security programs are drawn from the same master list as netrunner programs. You place them like monsters in the dungeon.

  Run Parameters

  Sadly CP 2020 does not include sample characters, so we have to create one. We’ll also need to create our target system, because the example there is a bit too high level for us.

  Our Netrunner: G0blin

  So called because of his looks, he prefers to work from home.

  I’m using my Cyberware Capacity rules instead of Humanity, but that’s the only tweak I did here. I lucked out on the starting stat and cash rolls and decided to optimize my money by getting a desktop with expanded memory instead of a portable deck.

  INT 10 REF 9 TECH 7 LUCK 6 EMP 6 MA 5 COOL 4 BODY 4 ATTR 3

  Cyberware Capacity: 11/40.

  Career Skills

  • Interface - 8
  • Awareness/Notice - 5
  • Basic Tech - 4
  • Education - 3
  • System Knowledge - 4
  • CyberTech - 2
  • Cyberdeck Design - 4
  • Composition - 1
  • Electronics - 4
  • Programming - 5

  Pickup Skills

  Handguns 6, Stealth 6, Persuasion 1

  Cyberware

  • Neural Processor (1k, CC 6),
  • Cybermodem Link (100, CC 1),
  • Interface Plugs (200, CC 4)

  Equipment

  • Desktop deck (20 MU, Speed 0, Data Wall 2, 6k)
    • Killer 6 (STR 6, 5 MU, 1480 eb),
    • Stealth (STR 4, 3 MU, 480)
    • Wizard’s Book (STR 6, 2 MU, 400 eb)
    • Crystal Ball (STR 4, 1 MU, 140 eb)
    • Genie (STR 5, 1 MU, 150 eb)

  Our System

  

  By following the rules in the CP2020 core book, and with a little help from its random generation system, I came up with the Data Fortress depicted above.

  Here’s the key to the numbers and symbols in the file:

  • 1: Watchdog
  • 2: Bloodhound
  • 3: Stun
  • 4: Knockout
  • M*: Financial File, where the money is.
  • M**: Grey Ops file, where the evidence is.

  That Knockout was a originally a Hellhound, but I thought that might be a bit excessive since the book keeps describing it as the scariest thing ever, only employed by the richest and nastiest corporations. Still, there’s not much difference for us, as one hit from the Knockout will still ensure a mission failure.

  Run Summary

  G0blin arrived from the left side of the screen. The Watchdog next to the gate spotted him when he got close despite the running Stealth program. He destroyed it with one attack, and then proceeded to crack the gate. Inside, he first went right to the remotes and got spotted by another Watchdog. As before, he won initiative and destroyed it with one attack.

  Then he moved down, clipping through the CPU. He managed to stay hidden from both the Bloodhound and the much more dangerous Stun, bushwhacking them with sneak attacks. He examined the data stores there and drained the company’s accounts.

  Then he went into the little corner room for the final leg of the mission. The Knockout program didn’t spot him at first, but also didn’t go down with the sneak attack. They went to initiative, G0blin won, and finished the program off. This left him free to finish the mission, as both the door and evidence were right there.

  The run succeeded and took a total of around 21 game turns and 32 minutes of real time.

  Run Analysis and Impressions

  I found this less enjoyable than Shadowrun’s system, I guess, but it’s mostly because of me. I’m not a big fan of how this game views the Net, or of how much a net run resembles a roguelike dungeon crawl. Nevertheless it was faster.

  I do wonder if the quick runtime might have been because this host was too easy. How would it have gone if I used the Militech regional office that comes as an example as my system for this run? Or maybe I got something wrong when designing the fortress or running the session?

  Let’s assume I got things right and the physical team takes the same amount of time from the SR1 post to do their part (50 minutes for a perfectly stealthy run or 90 for one with a firefight). This means the hacker takes up anywhere from a third to half the session. That’s still more than the theoretic “ideal” ratio of 25%, but perhaps it could be alleviated with a bit of proper scene management.

  As far as VR dungeon crawls go, CP 2020’s are much more like brutal raids than Shadowrun’s careful sneaking missions. Non-combat programs add only their Strength to the d10 roll, while attacks and defenses use the netrunner’s INT and Interface skill as well. Attacks are also much more devastating, since most programs have a Strength of less than 6, and that 1d6 damage Killer programs do reduces Strength directly. Even if the target survives, it’s greatly weakened.

  On the other hand, if any of those anti-personnel programs had managed to act and hit our runner, they’d instantly be put out of commission and the mission would fail. That’s another way in which it resembles a roguelike: the key to victory is to bump the monster before the monster bumps you.

  There were several things that were unclear to me here:

  Do detection rolls happen only once, or do they happen every turn? I went with “every turn”, and this ended up making things more violent. Most ICE that initially missed G0blin ended up spotting him on the second roll and forcing him to enter combat.

  Do you need control programs to operate those remote icons from a data fortress? I went with “no” despite buying a couple of those for G0blin, because the examples were all about netrunners controlling physical objects close to them from meatspace. If I had went with “yes”, it would only have increased the amount of turns the run took by a bit, since G0blin only tried to control these remotes when all neighboring ICE had been killed.

  I also didn’t know what happened when a Watchdog spotted G0blin. Text said it “alerts its owner”, but does that happen immediately or does the dog have to run to where the owner is? I judged the program had to travel to the owner since the setting places so much emphasis on the “physicality” of the Net. That would be the terminal icon here in our map, but no dog ever made it there. If any had, we might have seen an enemy netrunner here and the run would have perhaps been harder.

• Oct 27, 2023

  The Great Tabletop Hackaton: Shadowrun 1st Edition Play Phase

  

  Run Summary

  After deciding on the design parameters for our Shadowrun 1st Edition Matrix run, I got my stopwatch and jumped right into it. I stopped it at the end of every node to keep a running tally of the elapsed time.

  Here’s the system map we’re using, for reference:

  

  Below is the account of events. As I mentioned before, the actual timed run was written in a brief shorthand and the account below was expanded for readability after the fact.

  Node 1 (SAN): Red-3, Trace and Dump-4.

  The Decker enters through Node 1, dialing the mainframe’s modem. Security here is unusually tight for a Shadowrun system - the target really doesn’t want anyone sticking their noses in his business.

  I hadn’t quite understood the rules here yet, thinking that you couldn’t use your Hacking Pool outside of cybercombat for anything but improvising programs.

  So our decker arrives here at Sensor range, improvises Analyze-7 with her pool, and runs that against the ICE, seeing that it’s a potentially dangerous tracer. She moves into Contact range and I roll Initiative even though we’re not in combat, just to have a sense of the flow of the action.

  She runs Sleaze against the Tracer using only the program rating, beating the ice but failing anyway because this is a Red node.

  From that point on I learn that you can use Hacking Pool dice on any Computer or program test even outside of combat, so I use some on the second attempt and pass even though that has increased difficulty. Ice supressed, we get to whisper “I’m in” into our comms.

  And here is where I realize there’s very little reason to be sparing with those pool dice, and that I can use pool dice even for tests with improvised programs. So my strategy for pretty much the rest of the run is to shout I AM SPEED and drop my entire Hacking Pool on any test that doesn’t happen during actual cybercombat.

  Total time elapsed so far: 1 turn, 13 minutes.

  Node 2 (SPU): Orange-5, Access-6

  Another beefy node, and our actual password prompt. Our Decker analyzes the Ice like before, and this fails with a tie. I rule a tie doesn’t activate the ICE. She decides not to try again and just tries Sleaze instead.

  I AM SPEED gets us through this just fine - Sleaze works against everything, but Deception would have worked here too. We can see two other nodes from this one, but not what they are. I decide to flip a coin to see where we go next, and we go right towards Node 3.

  Total time elapsed so far: 2 turns, 28 minutes.

  Node 3: SPU, Green-4, Barrier-3

  This is where I arrive at my final interpretation for improvised programs. Improvising them is part of the same action in which you run them, so while this takes only 1 action total, the pool dice you use for the script aren’t available for the test.

  Luckily Analyze’s rating doesn’t actually limit what it can discover, so we’re better off improvising an Analyze-1 script and chucking our remaining 13 pool dice into the test than going for Analyze-7 with 1 extra die. Having an actual Analyze program would be even better, but this is pretty good still.

  So our reckless Decker successfully analyzes the ICE and Sleazes past it using the same actions and approach as before. I AM SPEED wins again!

  She sees there are two connected nodes, and it’s right here that I realize she’s not actually in any danger at Sensor range and can back out after reconnoitering. So Ms. Decker moves into Sensor range of the two connected nodes in order to scout them all and see they’re an I/O Port and a Control node without any ICE in them. She then decides to move on to Node 4.

  Total time elapsed: 5 turns, 41 minutes.

  Node 4: I/O Port, Green-4.

  This node and Node 5 don’t actually have a security rating of their own, so I gave them the same rating as the SPU that was linked to them.

  We once again go with I AM SPEED, and our total of 21 dice easily takes care of the system operation needed to disable the camera. Per the rules, after either succeeding at a system operation or giving up after a number of failures, we need to roll a d6. If the result is less than or equal to the number of attempts, the system noticed something wrong and triggered an alert. We only had one attempt before succeeding, and we roll a 3, so no alert.

  Camera is off. First goal accomplished!

  Total time elapsed: 6 turns, 47 minutes.

  Node 5: Control, Green-4.

  Same deal as before, and same outcome. Alarm is off, second goal accomplished. And we took less time because I already knew what to do.

  Total time elapsed: 7 turns, 50 minutes.

  Node 6: SPU, Red-4, Killer-4.

  We still have data to steal, so we go to the only unexplored path so far and try to find data stores.

  After scouting the node, we follow your usual procedure of Improvised Analyze -> close to Contact range -> Initiative -> Sleaze, always using our whole Hacking Pool for each individual test. We suppress the ICE without issue. If you noticed how reckless we’re being, take a cookie.

  Further scouting reviews two data stores attached to this node. I flip another coin to decide where to go, and we go down to Node 8.

  Total time elapsed: 10 turns, 58 minutes.

  Node 8: Data Store, Red-4, Black Ice-5.

  Our usual Improvised Analyze routine shows us this data store is protected by Black Ice! This is scary, but is also a very promising lead.

  Disregarding the danger, our Decker goes all in and chucks her whole Hacking Pool into Sleaze again. She succeeds by exactly the needed amount and suppresses the ice.

  She then uses Browse to find any drainable accounts, because she doesn’t know the full layout of the system like we do. The operation succeeds but she doesn’t find anything. Boo!

  Remembering the actual mission, she Browses for incriminating evidence and finds it. She has enough disk space for the file, and no time pressure for the download, so we just wait a couple more turns. Third objective accomplished!

  She still wants to find that money, though, so she moves to the other data store at Node 7.

  Total time elapsed: 13 turns, 1 hour, 9 minutes.

  Node 7: Data Store, Red-4, Access-5

  Same deal as usual. Improv Analyze reveals the ICE, Sleaze gets past it, Browse confirms there’s nothing of value to the team in this node.

  Here is where I begin to notice that despite the different types of nodes and the flowery descriptions of virtual dungeons, we’ve been performing more or less the same sequence of tests in the same order, in a loop. So I guess a long enough Matrix run might seem a bit boring for the decker as well. I’m still having fun here, because lucky rolls have given me a string of successes, but I don’t feel like I’m in danger or having to make complex decisions.

  Anyway, the only unexplored node left is the CPU. A cautious decker might decide to cut their losses, perform the single remaining system operation they need, and jack out. But we’ve already established our Decker is not cautious, SHE IS SPEED!

  Total elapsed time: 14 turns, 1 hour, 20 minutes.

  Node 9: CPU, Red-5, Trace and Burn-6, Black Ice-4

  The setup is a little unusual here. This CPU has all the standard system operations available, and the Trace and Burn-6 is protecting those. It also has a link to the target’s bank account, and draining it counts as a custom system operation. There’s a piece of Black Ice protecting that operation only.

  So our Decker will have the run of the system if she neutralizes the Tracer, but to get the money she must also get past the Black Ice.

  She comes within Sensor Range, Improv-Analyzes both pieces of Ice, and sees what they’re protecting. She decides to deal with the Tracer first. I roll Initiative for everyone as she gets into Contact Range, but the ICE will only act if it activates.

  Despite the usual I AM SPEED approach giving us 19 dice to Sleaze past the Tracer, the node’s high security level prevents us from succeeding. We try again with increased difficulty, and this time a very unlucky roll gives the ice more successes, meaning it activates!

  The first thing Trace and Burn does upon activation is try to raise an Internal Alert in the system. This causes the ratings of all ICE to increase by 50%, so we’re actually dealing with Trace-and-Burn 9 now. The Black Ice also improves to Rating 6, but it remains inactive since it’s only protecting the bank account.

  We could have allocated dice from our Hacking Pool to an opposed test to “jam” the ice and prevent the alert from going through… but we already used all of them on the Sleaze attempt, and the pool hasn’t refreshed yet. This is why our Decker has been very reckless so far, as every piece of ice she faced until now could have done this on a failed test.

  On its first actual action, Trace and Burn rolls its rating to determine how long it will take to trace the Decker. We’re lucky here because this roll gets only 1 success, meaning it will take a total of 10 of the IC’s actions to do so. Once that time is up, though, her deck is toast.

  Our Decker switches to using the Attack program to destroy the Tracer before that happens. This is proper cybercombat, which works a little differently. The “to-hit” roll is an unopposed test with only with your Hacking Pool against the Node’s security. The program’s rating is your base damage if you hit, and it increases by 1 for every extra success past the minimum required to hit. Actual damage is your net successes in an opposed test of the ICE’s rating versus your damage pool.

  I end up using my entire pool in the to-hit roll, since any less than that means I won’t be beating the difficulty on average. It takes me 3 turns to destroy the Tracer this way, but since everyone acts multiple times per turn I only had 3 actions left before the trace completed. This was still somewhat repetitive since it was the same set of rolls every time, but it was also exciting since this is the first time our Decker is in any actual danger.

  With the tracer gone, she uses a system operation to cancel the alert and manages to Sleaze past the Black Ice and drain the target’s account. Bonus objective completed!

  With that done, she moves normally to the Control Modules and opens the final door, completing the mission’s objective. She then jacks out. Mission Complete!

  Total time elapsed: 19 turns, 2 hours and 4 minutes. This combat alone took 41 minutes to resolve.

  Run Analysis and Impressions

  I’m not gonna lie, I kinda feel like I completed an important life goal. I could never understand this hacking system when I was 12, but now not only did I grok it, I finished an entire Matrix run while using it. So I’m pretty happy, and I had fun.

  However, I must also conclude that all the criticisms leveled at this system are valid.

  As mentioned in the intro, we’re assuming our physical team has an easy time getting past the reception area. This would take some light roleplaying and a roll or two from our talker. That plus walking to the restricted area might take 10 minutes of real time, but it takes the decker 50 minutes to complete the goals that let them move forward from there.

  The next part of the physical mission will involve more tests and die rolls from the physical team. The Decker takes around half an hour of real time to find the electronic evidence, and it might be accurate to assume the physical team takes about the same or a little bit longer to sneak past the guards and find the physical documents. Let’s say 40 minutes for the physical team.

  Then the Decker decides to loot the server, and that takes 41 minutes. Unless the physical team is having an epic shootout at the same time as they try to leave the building, all they have to do is sit and wait. Otherwise they take maybe 10 minutes total to reach the back door and walk out.

  So a team that has a firefight on the way out might take up 90 minutes of real time, and a team that doesn’t will take perhaps 50 with their part of the mission. Our Decker is taking up at best over half and at worst over two-thirds of the session with her solo VR dungeon crawl. And this is all assuming a 100% buttery smooth session with absolutely no digressions, distractions, or rule arguments to make it longer.

  There was also a point where I kinda felt that the decking run itself was getting a little repetitive, because the “optimal” procedure to follow became obvious: Improv Analyze -> Sleaze, always dumping the entire Hacking Pool into each test. In actual cybercombat, I also ended up doing the same thing over and over until the enemy died. It was still enjoyable, but I could see it eventually overstaying its welcome even for the decker player.

  Finally, if it turns out that my rules interpretations were overly generous and this was supposed to be way harder, then all the criticisms I made become even stronger, because everything would take more time and more rolls.

subscribe via RSS