Posts

  • The Great Tabletop Hackathon: Shadowrun 4th Edition, Part 2

    Shadowrun 20th Anniversary's cover.

    After setting up our parameters in the previous post, we start the run here.

    I actually ran this one a couple of times, because it took me a bit to fully internalize the rules. My main mistake was assuming I was familiar with them already and only reading them superficially to “refresh my memory”. This made me get some crucial basic facts wrong, causing my first run to be really fast but incorrect.

    So I made an additional run where I tracked the die rolls accurately and got detected in one of the hacks. Then I read the rules outside of the Matrix chapter more closely and made another one where I spent Edge more wisely and accomplished all goals without being detected. I’m referring to these as the loud and silent runs. They are recorded below as a single account with notes on how they diverge.

    Diff-merging Timelines

    Our hacker enters the building with his team. They get past the reception as usual, receiving temporary badges. Once inside, he feels a “sudden” need to go to the bathroom, and locks himself inside a stall. He spends a couple of turns scanning for the badge’s wireless signal, and finds it.

    He then tries to hack into the badge, still using AR because it’s a fragging badge. He succeeds quickly. As expected the badge can’t do a lot, but it knows how to talk to the security server and now so does the hacker.

    Our hacker then switches to VR and goes hot, after bracing himself so he doesn’t fall down in the stall. He tries to get himself security-level access because he knows from examining the badge that user-level accounts do nothing in this server.

    This is where our timelines diverge. In the loud run, he gets in but also gets detected. The server issues a restricted alert against his persona, triggers the Blackout ice, and pings the guards. Restricted alert means the server’s Firewall increases by +4 against the hacker.

    The hacker and the IC go into cybercombat, with the hacker winning initiative. Cybercombat here resembles the SR1 version a bit, though the exact things you roll are different. With the expenditure of a couple points of Edge, our hacker manages to destroy the ice at the start of the second combat turn, without suffering any trauma to his brain meats. Still, in this timeline the guards are suspicious of the team.

    In the silent run, luckier rolls let the hacker in without being detected.

    In both, the hacker manages to disable the camera and alarm, letting the team move into the records room. While they perform a physical search for hard copies, our hacker jacks into the secret isolated server and goes into hot sim VR again. He manages to get in undetected, though in the silent run he has to spend the Edge he didn’t spend in combat to do so.

    I rule that finding the files requires no tests, as this is only a single node and the existing data search rules are for searching the Matrix.

    Still in the records room, our hacker decides to be daring and hack the office network in search of those drainable accounts. This network has a wireless signal covering the whole office and is quite visible, so he gets right to it.

    At first, our decker easily hacks himself a user account. From there he runs a data search on the network’s user directory to find the one who has access to the bank accounts, and then attempts to gain access to it. I give this a low Threshold because it’s a small intranet.

    Finding the accountant’s profile, the hacker attempts to hack into it. That’s like starting from scratch, this time going for a security account. Again the hacker manages to get in undetected, and again in the silent run he needs to spend Edge to do this.

    Draining the account requires no additional rolls. And since our hacker retained his account at the security server, unlocking the back door requires no rolls either. Of course, in the loud timeline there’s a very high chance that they’re doing this during a firefight, as the guards are extra-suspicious and would have known to check the records room…

    The loud run that had cybercombat and an alert took 31 minutes. The silent one took 17.

    Run Analysis and Impressions

    This system is my personal favorite so far, and I had to actively keep myself from adding little cool bits that kept appearing in my imagination, because I’d otherwise have found myself running an entire solo adventure, controlling the whole team and imagining dialogue in my head.

    Having “my” character be present with the group certainly helped stir the imagination, because he wasn’t sitting pretty at home. I had to think about how he navigated the physical site with the rest of the group, and from where he’d jack into VR to avoid suspicion, and so on.

    I do love that the system was very fast compared to the other ones so far, but I wonder how much of that is down to the design of the target nodes. I’d love to hear about how people design their own adventures.

    We can see how Shadowrun’s system still favors silent runs here. Cybercombat against even a single instance of ICE takes a while to resolve, and the more of it there is the longer the run will take. Careless hackers could easily find themselves having to deal with multiple ICE cubes at once, perhaps even in different hosts, and that will drastically lower their chances of success. More advanced rules let hackers run their own agent programs, which helps fight the icy hordes but makes things take more real time to solve.

    That said, let’s see how our sample runs here fit with the physical team’s.

    If we again assume the physical part of the run takes 50 minutes for a perfectly stealthy team and 90 minutes with a firefight on the way out, then it’s also possible to correlate our diverging runs to each of these scenarios. The perfectly sneaky run would mean a perfectly sneaky hack. The loud run would almost certainly be caused by that alert we got, unless our talker was amazing at their job.

    So, in the more common silent/silent and loud/loud scenarios, our hacker took up around 25% of the total session time, which is pretty close to ideal in a four-player party. In an anomalous loud hack/silent run scenario, they take up a little under half the run time. And in a silent hack/loud run situation, they take around 15% of the time hacking the objectives and can spend the rest of their spotlight time helping out in physical combat.

  • The Great Tabletop Hackathon: Shadowrun 4th Edition

    Shadowrun 20th Anniversary's cover.

    For this post we’ll be using Shadowrun 4th Edition, published in 2005. More specifically, we’ll be using the 20th Anniversary core book published in 2009, which uses the same base rules as 4th Edition but incorporates errata and some material that was previously published in supplements.

    Setting Overview

    If Shadowrun 1e’s Matrix was inspired by 80s mainframes, then 4th edition’s is inspired by the Internet as it was in 2005, plus some reasonable extrapolations of things that were in fashion among futurists then but didn’t necessarily pan out in the following decades. It does end up looking a lot like what we actually have here in 2023, with a few important differences.

    Instead of being built around high-speed cell towers, the mobile Matrix is a ubiquitous wireless mesh network. Individual devices in a mesh cooperate to route its network traffic without the need for central coordination.

    The Internet of Things was also in fashion, so every object that could possibly have a use for built-in computing and network capability has that capability. Most of those devices are fairly limited, but computer hardware is apparently so cheap and standardized that many of them have unused capacity that could be repurposed by a clever hacker. One example is someone converting cheap appliances into mesh routers to bring connectivity to a “dead zone”. It’s also easy to turn off a device’s wireless capability with a simple command or in some cases a physical switch.

    Almost everyone carries a commlink, a device that’s equivalent to a real-world smartphone in form factor and usage. They often connect to a variety of peripherals, more limited devices that are built to talk to commlinks and not to the wider Matrix. These range from augmented-reality glasses to that smartlinked gun your character owns. A big server of the sort that’s the target of a hacking run is called a nexus. I will just say “server” instead.

    Augmented Reality is a big deal here, with most things connected to a mesh having some sort of AR presence, and general interaction with your commlink and the Matrix happening through AR interfaces. If you can use AR to help with your current task you gain a bonus to the roll. Examples include finding your way around town with that handy videogame-style minimap, overlaying a blueprint and instructions over the thing you’re fixing, firing a smartlinked gun, finding someone in a crowd when you have a face-recognition database, and so on. One can also choose to go “full VR”, which is more useful for certain applications (mainly hacking).

    Secure facilities of the sort shadowrunners are hired to break into have internal mesh networks. They use tactics like limited signal ranges and radio-blocking paint to keep their signal contained to the physical space they service, and might not be connected to the wider Matrix at all. In some the paydata is going to be in a server that’s only accessible via wired connection or even via its own terminal. While sometimes it’s still possible for a hacker to work from home, they will most often have to hoof it alongside the rest of the team and take on devices and intranets as they come.

    Just like it happens with Shadowrun 1e, a lot of criticism of this model comes from a mismatch between the person’s understanding of the modern (2023) Internet and the model they used to build the Matrix in the books. It’s a bit worse here both because of the usual edition warrior shenanigans, and because the differences are more obscure. On the bright side it’s a lot easier to change the explanation behind the Matrix to a 2023-current one here than it would be to do the same to Shadowrun 1e’s 80s extravaganza.

    Mechanics Overview

    Hacker characters are called, well, hackers. They use powerful commlinks and a suite of specialized software to hack mesh-connected devices. Most often this means some peripheral or commlink-level device like a camera, alarm, door or handy pieces of scenery like unattended cars and other things that can be used to ruin an enemy’s day. It can also mean hacking into a big nexus to steal data and generally do the same things you could do back in SR 1. All devices are described by the same set of attributes, and use the same types of programs.

    Stuff like memory, storage, file sizes, and download speeds are still considerations in the fiction, but they don’t get detailed rules. Unless the GM judges a given chunk of data is too large, you can download it in one turn and store it in your commlink. Some really huge files might take multiple turns to download or might not fit your storage at all, and the GM decides when that’s the case based on common sense. You don’t need to worry about storing your run’s paydata, but you also can’t try to get cute and download the entire public Matrix into a talking teddy bear.

    Hacking a device means obtaining illicit access to a user account inside it. If you have a set of legitimate credentials for your target account then you don’t need to roll anything. Otherwise you can gain access by either probing the device over a period of hours or days, or by hacking on the fly. The latter is an aggressive approach that happens in combat time and carries a much higher risk of detection.

    Hacking can be done in AR or VR. There are several advantages to doing it in VR, and even more for doing it with the safety limiters turned off (a condition known as “hot sim”). Hot sim is the preferred way to hack important nodes, but it also leaves you vulnerable to lethal damage from Black Ice.

    There are three types of user account. Standard accounts can view and mess with their own data and perform basic functions of the device. Security accounts have access to more sensitive functions and thus are more protected. And administrator accounts are the most protected and have full control of everything. Individual nodes in adventure descriptions should also include a description of which account tiers they support and what those let users do.

    It’s also possible to use a technique called “spoofing” to send single commands to nearby devices by pretending to be someone who’s authorized to do so. This is probably what you’re going to use for one-off environmental fuckery.

    There is no Hacking Pool here, but all characters can spend Edge to boost any roll by doing things like rerolling failed dice.

    Run Parameters

    For the first time in this series our Hacker will be joining the physical team on-site. In this game, it’s common for a site to have more than one server, and for the really important ones to be isolated from the outside Matrix. This means the servers containing our main mission objectives can’t be hacked remotely.

    As usual the core book provides us with a very handy sample Hacker which we can use for our run. This one’s an ork dude with an implanted commlink with all attributes at 5 and a full set of programs whose ratings vary between 2 and 5. His skills vary between 4 and 5 too. He’s better at sneaking around than at cybercombat, so we should take care not to trigger any alerts.

    I don’t have a ready-made target site for him to hack, but I found this free document with some example sites and I’m going to take inspiration from this, from the SR1 mainframe, and from what little I know of real life to design a target network. Here it goes:

    This company has a public site but that doesn’t get stats here because it’s hosted in some cloud provider elsewhere. It has an internal office network for its day to day business, separated from the Matrix by a beefy firewall. The firewall node is also not relevant to us because we’re hacking the site from the inside.

    We’ll treat the entire office network as a single node: System 4, Response 4, Firewall 3, Analyze 2. User-level accounts allow each user to perform their daily work. The company’s accountant has a Security account that can access and manipulate the company’s money, and we need to breach it in order to steal that money. The network’s standard ice has Pilot 3, Analyze 3, Attack 3, Armor 3, and triggers when the node detects any unauthorized access. There’s another piece of ice here (Pilot 4, Analyze 4, Stealth 4, Track 4) that gets activated if the system detects unauthorized access to the security-tier account. It tries to trace the intruder’s connection and notifies the authorities when it succeeds.

    Separate from the internal network, there is a security server in charge of alarms, cameras, badges and lockable doors. User accounts in this server let employee badges open some doors, but not the one that leads to the record room. Security accounts let their user operate alarms and cameras. The security server has its own wireless signal that covers the entire office, but it doesn’t connect to any other server and accounts on other hosts aren’t valid here. We want at least a Security account to perform most of our objectives. If the hacker is on site they might also try to spoof the individual devices.

    The security server has System 4, Response 4, Firewall 4, Analyze 4. Its ice, which activates when an intruder is detected, has Pilot 4, Blackout 4, Armor 4. Any guards currently connected might also be alerted to the intruder. The server operates in hidden mode, so our hacker needs to find it before trying to hack it.

    Cameras, alarms and doors attached to the security server all have Device Ratings of 3 and can be individually hacked or spoofed. Employee badges have Device Ratings of 2. All are subscribed to the security server.

    The secret file server containing the evidence is located in the records room. It has no wireless interface at all, only a cable jack and a physical terminal. It has the same stats as the Security server: all stats at 4 plus Analyze 4. Its ice has Pilot 4, Black Hammer 4, and Armor 4, and is of course illegal for the target to possess. It has only security and admin accounts.

  • The Great Tabletop Hackathon: Cyberpunk 2020

    The cover of Cyberpunk 2020
    I used to think this guy on the cover was so cool.

    For this post, we’ll be using Cyberpunk 2020 Version 2.01, published in 1993 if I understood the copyright notice correctly. The original edition of Cyberpunk was from 1988. Cyberpunk 2020 came out in 1990, and this version only adds minor corrections on top of that. I’m given to understand the rules themselves didn’t change much from the original edition.

    I used to own a physical copy of this corebook back when I was a teenager, so I also get a bit of cozy nostalgia for looking at the PDF of it now, but I would definitely not play it as written today.

    Setting Overview

    The setting’s global network is called the Net, or sometimes the NET in all caps. I’ve heard claims that it doesn’t take inspiration from Neuromancer, but the description I’m reading here leans as much into Neuromancer imagery as Shadowrun’s.

    Hacker characters are called Netrunners, and they use devices called cyberdecks that range from the size of a desktop workstation to the size of a paperback book, with a lot of plugs for neural interfaces and data lines but no built-in keyboard or monitor. Decks all have the same starting stats, but smaller and more portable models are more expensive. The most expensive deck is the only one that has a built-in cellular modem. All the others need to jack into landlines or directly into target devices.

    The most expensive decks are cheaper than a subcompact car, and they get much more affordable if you give up that cellular modem. However netrunners are still a specialized niche because Cyberpunk 2020 is a class-based system. Netrunner is a specific class (or “Role”), and only they get the Interface skill that’s used for hacking.

    While Shadowrun’s Matrix uses mainframes as the “backing” for its sci-fi chrome flash, behind CP 2020’s flash is yet more flash with a dash of space magic. The overall Net still works kinda like a phone grid, but the book works very hard to make the reader see it as, effectively, a parallel dimension. Back in 2014 some researchers effectively cast a spell over the telecom grid and turned it into a “conceptual space” where each phone line and connected device is located in a point analogous to its physical location. When you connect to the Net you form an “ICON” (all caps) representing yourself at the point of entry, and accessing other servers means making that ICON actually travel the distance between its entry point and the destination. If you’re in Night City and your destination is in Japan, there’s no way to reach it except hopping into a Long Distance Link and flying over the entire Pacific Ocean.

    There are serious musings about how the “empty space” you fly over while traversing these links is teeming with unidentified greeblies because every computer is on the Net by simply being turned on. If it doesn’t have a connection, it’s still on the Net, it’s just unreachable from the telecom grid. Adding new connected systems “physically increases” the size of the Net, and you could extend it to space by launching a server in a spaceship.

    Mechanics Overview

    There is a lot of talk about local and regional telecom grids, much like in Shadowrun, and a big emphasis on paying your phone bill for your home landline or cellular modem, because CP 2020 never loses an opportunity to joke about militarized debt collection squads.

    The main reasons to run the Net are to provide support to a physical team, and to recover data from a target server. We can surprisingly already see the image of the netrunner who stays together with their team here and hacks a series of remotely controlled devices, doing stuff like controlling robot cars or opening doors without having to do a full run. However only some PCs will be able to do this out of the gate, since they might not have the cash for that cellular portable deck. Oh, and this is an 80s cell, so moving too fast will break your link. No 5G for you!

    For those who can, there’s a series of control programs designed for different types of device. Anything that can be described as “computer controlled” can be hacked this way if the PC has the appropriate program, since due to SPACE MAGIC, everything computerized is automatically in the Net. There are also programs for remaining hidden, getting past barriers, and attacking both other programs and other people. Everyone is going to want these even if they’re using a desktop.

    The netrunner’s Interface class skill is required to run the Net at all, but is not used for all netrunning tasks. Its main use is in combat against security programs (IC, “ice”) or other netrunners. Due to the way the character creation system works it also determines your starting money.

    The kind of server you expect a netrunner to hack is called a Data Fortress. It vaguely resembles a mainframe, but as the name implies it goes all in on the VR Dungeon aesthetic, even harder than Shadowrun did. You’re not moving through an abstract representation of a mainframe, you’re crawling an actual dungeon-like structure drawn on a 10x10 square grid. It has walls, gates, and security programs acting like wandering monsters, and memory banks that work like treasure chests. They have CPUs that act like brains, and give them an INT score and possibly skills that are useful both in its day-to-day operations and when fighting netrunners. A Fortress with an INT of 12 or higher (which requires 4 CPUs) is a sapient AI and has a personality.

    Security programs are drawn from the same master list as netrunner programs. You place them like monsters in the dungeon.

    Run Parameters

    Sadly CP 2020 does not include sample characters, so we have to create one. We’ll also need to create our target system, because the example there is a bit too high level for us.

    Our Netrunner: G0blin

    So called because of his looks, he prefers to work from home.

    I’m using my Cyberware Capacity rules instead of Humanity, but that’s the only tweak I did here. I lucked out on the starting stat and cash rolls and decided to optimize my money by getting a desktop with expanded memory instead of a portable deck.

    INT 10 REF 9 TECH 7 LUCK 6 EMP 6 MA 5 COOL 4 BODY 4 ATTR 3

    Cyberware Capacity: 11/40.

    Career Skills

    • Interface - 8
    • Awareness/Notice - 5
    • Basic Tech - 4
    • Education - 3
    • System Knowledge - 4
    • CyberTech - 2
    • Cyberdeck Design - 4
    • Composition - 1
    • Electronics - 4
    • Programming - 5

    Pickup Skills

    Handguns 6, Stealth 6, Persuasion 1

    Cyberware

    • Neural Processor (1k, CC 6)
    • Cybermodem Link (100, CC 1)
    • Interface Plugs (200, CC 4)

    Equipment

    • Desktop deck (20 MU, Speed 0, Data Wall 2, 6k)
      • Killer 6 (STR 6, 5 MU, 1480 eb)
      • Stealth (STR 4, 3 MU, 480)
      • Wizard’s Book (STR 6, 2 MU, 400 eb)
      • Crystal Ball (STR 4, 1 MU, 140 eb)
      • Genie (STR 5, 1 MU, 150 eb)

    Our System

    Our target system

    By following the rules in the CP2020 core book, and with a little help from its random generation system, I came up with the Data Fortress depicted above.

    Here’s the key to the numbers and symbols in the file:

    • 1: Watchdog
    • 2: Bloodhound
    • 3: Stun
    • 4: Knockout
    • M*: Financial File, where the money is.
    • M**: Grey Ops file, where the evidence is.

    That Knockout was originally a Hellhound, but I thought that might be a bit excessive since the book keeps describing it as the scariest thing ever, only employed by the richest and nastiest corporations. Still, there’s not much difference for us, as one hit from the Knockout will still ensure a mission failure.

    Run Summary

    G0blin arrived from the left side of the screen. The Watchdog next to the gate spotted him when he got close despite the running Stealth program. He destroyed it with one attack, and then proceeded to crack the gate. Inside, he first went right to the remotes and got spotted by another Watchdog. As before, he won initiative and destroyed it with one attack.

    Then he moved down, clipping through the CPU. He managed to stay hidden from both the Bloodhound and the much more dangerous Stun, bushwhacking them with sneak attacks. He examined the data stores there and drained the company’s accounts.

    Then he went into the little corner room for the final leg of the mission. The Knockout program didn’t spot him at first, but also didn’t go down with the sneak attack. They went to initiative, G0blin won, and finished the program off. This left him free to finish the mission, as both the door and evidence were right there.

    The run succeeded and took a total of around 21 game turns and 32 minutes of real time.

    Run Analysis and Impressions

    I found this less enjoyable than Shadowrun’s system, I guess, but it’s mostly because of me. I’m not a big fan of how this game views the Net, or of how much a net run resembles a roguelike dungeon crawl. Nevertheless it was faster.

    I do wonder if the quick runtime might have been because this host was too easy. How would it have gone if I used the Militech regional office that comes as an example as my system for this run? Or maybe I got something wrong when designing the fortress or running the session?

    Let’s assume I got things right and the physical team takes the same amount of time from the SR1 post to do their part (50 minutes for a perfectly stealthy run or 90 for one with a firefight). This means the hacker takes up anywhere from a third to half the session. That’s still more than the theoretic “ideal” ratio of 25%, but perhaps it could be alleviated with a bit of proper scene management.

    As far as VR dungeon crawls go, CP 2020’s are much more like brutal raids than Shadowrun’s careful sneaking missions. Non-combat programs add only their Strength to the d10 roll, while attacks and defenses use the netrunner’s INT and Interface skill as well. Attacks are also much more devastating, since most programs have a Strength of less than 6, and that 1d6 damage Killer programs do reduces Strength directly. Even if the target survives, it’s greatly weakened.

    On the other hand, if any of those anti-personnel programs had managed to act and hit our runner, they’d instantly be put out of commission and the mission would fail. That’s another way in which it resembles a roguelike: the key to victory is to bump the monster before the monster bumps you.

    There were several things that were unclear to me here:

    Do detection rolls happen only once, or do they happen every turn? I went with “every turn”, and this ended up making things more violent. Most ICE that initially missed G0blin ended up spotting him on the second roll and forcing him to enter combat.

    Do you need control programs to operate those remote icons from a data fortress? I went with “no” despite buying a couple of those for G0blin, because the examples were all about netrunners controlling physical objects close to them from meatspace. If I had gone with “yes”, it would only have increased the amount of turns the run took by a bit, since G0blin only tried to control these remotes when all neighboring ICE had been killed.

    I also didn’t know what happened when a Watchdog spotted G0blin. Text said it “alerts its owner”, but does that happen immediately or does the dog have to run to where the owner is? I judged the program had to travel to the owner since the setting places so much emphasis on the “physicality” of the Net. That would be the terminal icon here in our map, but no dog ever made it there. If any had, we might have seen an enemy netrunner here and the run would have perhaps been harder.

  • The Great Tabletop Hackathon: Shadowrun 1st Edition Play Phase

    Our target system

    Run Summary

    After deciding on the design parameters for our Shadowrun 1st Edition Matrix run, I got my stopwatch and jumped right into it. I stopped it at the end of every node to keep a running tally of the elapsed time.

    Here’s the system map we’re using, for reference:

    Our target system

    Below is the account of events. As I mentioned before, the actual timed run was written in a brief shorthand and the account below was expanded for readability after the fact.

    Node 1 (SAN): Red-3, Trace and Dump-4.

    The Decker enters through Node 1, dialing the mainframe’s modem. Security here is unusually tight for a Shadowrun system - the target really doesn’t want anyone sticking their noses in his business.

    I hadn’t quite understood the rules here yet, thinking that you couldn’t use your Hacking Pool outside of cybercombat for anything but improvising programs.

    So our decker arrives here at Sensor range, improvises Analyze-7 with her pool, and runs that against the ICE, seeing that it’s a potentially dangerous tracer. She moves into Contact range and I roll Initiative even though we’re not in combat, just to have a sense of the flow of the action.

    She runs Sleaze against the Tracer using only the program rating, beating the ice but failing anyway because this is a Red node.

    From that point on I learn that you can use Hacking Pool dice on any Computer or program test even outside of combat, so I use some on the second attempt and pass even though that has increased difficulty. Ice suppressed, we get to whisper “I’m in” into our comms.

    And here is where I realize there’s very little reason to be sparing with those pool dice, and that I can use pool dice even for tests with improvised programs. So my strategy for pretty much the rest of the run is to shout I AM SPEED and drop my entire Hacking Pool on any test that doesn’t happen during actual cybercombat.

    Total time elapsed so far: 1 turn, 13 minutes.

    Node 2 (SPU): Orange-5, Access-6

    Another beefy node, and our actual password prompt. Our Decker analyzes the Ice like before, and this fails with a tie. I rule a tie doesn’t activate the ICE. She decides not to try again and just tries Sleaze instead.

    I AM SPEED gets us through this just fine - Sleaze works against everything, but Deception would have worked here too. We can see two other nodes from this one, but not what they are. I decide to flip a coin to see where we go next, and we go right towards Node 3.

    Total time elapsed so far: 2 turns, 28 minutes.

    Node 3: SPU, Green-4, Barrier-3

    This is where I arrive at my final interpretation for improvised programs. Improvising them is part of the same action in which you run them, so while this takes only 1 action total, the pool dice you use for the script aren’t available for the test.

    Luckily Analyze’s rating doesn’t actually limit what it can discover, so we’re better off improvising an Analyze-1 script and chucking our remaining 13 pool dice into the test than going for Analyze-7 with 1 extra die. Having an actual Analyze program would be even better, but this is pretty good still.

    So our reckless Decker successfully analyzes the ICE and Sleazes past it using the same actions and approach as before. I AM SPEED wins again!

    She sees there are two connected nodes, and it’s right here that I realize she’s not actually in any danger at Sensor range and can back out after reconnoitering. So Ms. Decker moves into Sensor range of the two connected nodes in order to scout them all and see they’re an I/O Port and a Control node without any ICE in them. She then decides to move on to Node 4.

    Total time elapsed: 5 turns, 41 minutes.

    Node 4: I/O Port, Green-4.

    This node and Node 5 don’t actually have a security rating of their own, so I gave them the same rating as the SPU that was linked to them.

    We once again go with I AM SPEED, and our total of 21 dice easily takes care of the system operation needed to disable the camera. Per the rules, after either succeeding at a system operation or giving up after a number of failures, we need to roll a d6. If the result is less than or equal to the number of attempts, the system noticed something wrong and triggered an alert. We only had one attempt before succeeding, and we roll a 3, so no alert.

    Camera is off. First goal accomplished!

    Total time elapsed: 6 turns, 47 minutes.

    Node 5: Control, Green-4.

    Same deal as before, and same outcome. Alarm is off, second goal accomplished. And we took less time because I already knew what to do.

    Total time elapsed: 7 turns, 50 minutes.

    Node 6: SPU, Red-4, Killer-4.

    We still have data to steal, so we go to the only unexplored path so far and try to find data stores.

    After scouting the node, we follow your usual procedure of Improvised Analyze -> close to Contact range -> Initiative -> Sleaze, always using our whole Hacking Pool for each individual test. We suppress the ICE without issue. If you noticed how reckless we’re being, take a cookie.

    Further scouting reveals two data stores attached to this node. I flip another coin to decide where to go, and we go down to Node 8.

    Total time elapsed: 10 turns, 58 minutes.

    Node 8: Data Store, Red-4, Black Ice-5.

    Our usual Improvised Analyze routine shows us this data store is protected by Black Ice! This is scary, but is also a very promising lead.

    Disregarding the danger, our Decker goes all in and chucks her whole Hacking Pool into Sleaze again. She succeeds by exactly the needed amount and suppresses the ice.

    She then uses Browse to find any drainable accounts, because she doesn’t know the full layout of the system like we do. The operation succeeds but she doesn’t find anything. Boo!

    Remembering the actual mission, she Browses for incriminating evidence and finds it. She has enough disk space for the file, and no time pressure for the download, so we just wait a couple more turns. Third objective accomplished!

    She still wants to find that money, though, so she moves to the other data store at Node 7.

    Total time elapsed: 13 turns, 1 hour, 9 minutes.

    Node 7: Data Store, Red-4, Access-5

    Same deal as usual. Improv Analyze reveals the ICE, Sleaze gets past it, Browse confirms there’s nothing of value to the team in this node.

    Here is where I begin to notice that despite the different types of nodes and the flowery descriptions of virtual dungeons, we’ve been performing more or less the same sequence of tests in the same order, in a loop. So I guess a long enough Matrix run might seem a bit boring for the decker as well. I’m still having fun here, because lucky rolls have given me a string of successes, but I don’t feel like I’m in danger or having to make complex decisions.

    Anyway, the only unexplored node left is the CPU. A cautious decker might decide to cut their losses, perform the single remaining system operation they need, and jack out. But we’ve already established our Decker is not cautious, SHE IS SPEED!

    Total elapsed time: 14 turns, 1 hour, 20 minutes.

    Node 9: CPU, Red-5, Trace and Burn-6, Black Ice-4

    The setup is a little unusual here. This CPU has all the standard system operations available, and the Trace and Burn-6 is protecting those. It also has a link to the target’s bank account, and draining it counts as a custom system operation. There’s a piece of Black Ice protecting that operation only.

    So our Decker will have the run of the system if she neutralizes the Tracer, but to get the money she must also get past the Black Ice.

    She comes within Sensor Range, Improv-Analyzes both pieces of Ice, and sees what they’re protecting. She decides to deal with the Tracer first. I roll Initiative for everyone as she gets into Contact Range, but the ICE will only act if it activates.

    Despite the usual I AM SPEED approach giving us 19 dice to Sleaze past the Tracer, the node’s high security level prevents us from succeeding. We try again with increased difficulty, and this time a very unlucky roll gives the ice more successes, meaning it activates!

    The first thing Trace and Burn does upon activation is try to raise an Internal Alert in the system. This causes the ratings of all ICE to increase by 50%, so we’re actually dealing with Trace-and-Burn 9 now. The Black Ice also improves to Rating 6, but it remains inactive since it’s only protecting the bank account.

    We could have allocated dice from our Hacking Pool to an opposed test to “jam” the ice and prevent the alert from going through… but we already used all of them on the Sleaze attempt, and the pool hasn’t refreshed yet. This is why our Decker has been very reckless so far, as every piece of ice she faced until now could have done this on a failed test.

    On its first actual action, Trace and Burn rolls its rating to determine how long it will take to trace the Decker. We’re lucky here because this roll gets only 1 success, meaning it will take a total of 10 of the IC’s actions to do so. Once that time is up, though, her deck is toast.

    Our Decker switches to using the Attack program to destroy the Tracer before that happens. This is proper cybercombat, which works a little differently. The “to-hit” roll is an unopposed test with only your Hacking Pool against the Node’s security. The program’s rating is your base damage if you hit, and it increases by 1 for every extra success past the minimum required to hit. Actual damage is your net successes in an opposed test of the ICE’s rating versus your damage pool.

    I end up using my entire pool in the to-hit roll, since any less than that means I won’t be beating the difficulty on average. It takes me 3 turns to destroy the Tracer this way, but since everyone acts multiple times per turn I only had 3 actions left before the trace completed. This was still somewhat repetitive since it was the same set of rolls every time, but it was also exciting since this is the first time our Decker is in any actual danger.

    With the tracer gone, she uses a system operation to cancel the alert and manages to Sleaze past the Black Ice and drain the target’s account. Bonus objective completed!

    With that done, she moves normally to the Control Modules and opens the final door, completing the mission’s objective. She then jacks out. Mission Complete!

    Total time elapsed: 19 turns, 2 hours and 4 minutes. This combat alone took 41 minutes to resolve.

    Run Analysis and Impressions

    I’m not gonna lie, I kinda feel like I completed an important life goal. I could never understand this hacking system when I was 12, but now not only did I grok it, I finished an entire Matrix run while using it. So I’m pretty happy, and I had fun.

    However, I must also conclude that all the criticisms leveled at this system are valid.

    As mentioned in the intro, we’re assuming our physical team has an easy time getting past the reception area. This would take some light roleplaying and a roll or two from our talker. That plus walking to the restricted area might take 10 minutes of real time, but it takes the decker 50 minutes to complete the goals that let them move forward from there.

    The next part of the physical mission will involve more tests and die rolls from the physical team. The Decker takes around half an hour of real time to find the electronic evidence, and it might be accurate to assume the physical team takes about the same or a little bit longer to sneak past the guards and find the physical documents. Let’s say 40 minutes for the physical team.

    Then the Decker decides to loot the server, and that takes 41 minutes. Unless the physical team is having an epic shootout at the same time as they try to leave the building, all they have to do is sit and wait. Otherwise they take maybe 10 minutes total to reach the back door and walk out.

    So a team that has a firefight on the way out might take up 90 minutes of real time, and a team that doesn’t will take perhaps 50 with their part of the mission. Our Decker is taking up at best over half and at worst over two-thirds of the session with her solo VR dungeon crawl. And this is all assuming a 100% buttery smooth session with absolutely no digressions, distractions, or rule arguments to make it longer.

    There was also a point where I kinda felt that the decking run itself was getting a little repetitive, because the “optimal” procedure to follow became obvious: Improv Analyze -> Sleaze, always dumping the entire Hacking Pool into each test. In actual cybercombat, I also ended up doing the same thing over and over until the enemy died. It was still enjoyable, but I could see it eventually overstaying its welcome even for the decker player.

    Finally, if it turns out that my rules interpretations were overly generous and this was supposed to be way harder, then all the criticisms I made become even stronger, because everything would take more time and more rolls.

  • The Great Tabletop Hackathon: Shadowrun 1st Edition Design Phase

    Our target system

    For this run we’ll be using the original edition of Shadowrun, published in 1989. I started with second edition, but that’s not a problem because I’m equally unfamiliar with both editions’ hacking systems!

    The writing and setting and even the rules of these two early editions give me a sort of cozy nostalgic feeling when I read them, but these days I am well aware of all their issues, mechanical and otherwise.

    Setting Overview

    The setting’s global network is called the Matrix. Hackers are called Deckers because they use cyberdecks, devices about the size of a full 104-key keyboard that have cable jacks for connecting directly to the decker’s neural interface and to either a computer terminal or a communications line.

    Using a cyberdeck to access the Matrix takes you to the full Gibsonian VR Dungeon experience, where you zip through the infinite grid of the Matrix and then crawl through the low-poly simulated environments of a server, treating its security programs as monsters and its data as loot.

    Beneath the chrome flash, we’re dealing with classic mainframes from the Eighties. The Matrix isn’t the Internet, it’s the global phone grid. You access your target mainframe by connecting to the phone grid yourself and dialing the number of the mainframe’s modem. There are even rules for making long-distance and international calls. Mainframe numbers are usually unlisted, but can be found with diligent research by deckers or provided by whoever’s hiring them for the run.

    A cyberdeck is distinctly different from a mere “computer”, crammed full of specialized electronics that allow it to be used for operating in VR and hacking mainframes. Personal computers don’t really do much other than letting you store and view data files, and perhaps acting as dumb terminals to mainframes.

    Cyberdecks cost a fortune! The one used by the sample starting characters in the book costs more than a sports car. The most expensive one is about twice the price of a fighter jet. And that’s just for the base hardware. If you want your deck to be truly tubular, you’re probably going to spend around twice its base price on software and optional extras. Deckers tend to be highly specialized at character creation because they need to spend most of their points on money and most of their money on a deck - there isn’t any “room” to be anything else.

    Mechanics Overview

    A mainframe is composed of a set of Nodes representing its different parts, connected by Data Lines. The end result is a lot like a dungeon with rooms and corridors.

    Each node allows users to perform a different set of System Operations related to its function. Authorized users can do this automatically. Our decker must perform a Computer skill test to beat the node’s Security Rating, a color and number combination that gives you both the difficulty of the roll and how many successes you need. If you fail at performing a system operation, you might trigger an alert.

    Deckers can also run Utility Programs, which do things not listed in the system operations menu. There are four program categories, and each has a slightly different procedure that’s some variation of rolling the program rating against the node’s security. Some programs degrade, losing effectiveness each time they’re used. This resets when the decker jacks out. Failing at using a program doesn’t raise an alert, but might trigger IC.

    The game is very concerned about how large programs are because there are rules for loading them from disk to RAM and managing your free memory. Not having enough RAM to run all you need at once is the quintessential 80s computing experience after all.

    All Computer skill tests and Utility Programs can benefit from the decker’s Hacking Pool, which is equal to the sum of their Computer Skill and Reaction attribute, modified by stuff that increases Reaction. Like other dice pools in this system, it refreshes at the start of every action. You can allocate dice from it to benefit any Computer or Program tests while in the Matrix.

    If you want to use a program you don’t have, you can improvise a single-use script version of it with your Hacking Pool. You can only improvise a degrading program once per Matrix run, but if I understand the book correctly you can improvise non-degrading programs multiple times. I’m interpreting the rules to mean that an improvised program must be used in the same action, otherwise there would be little reason to buy any programs.

    Most nodes are going to have some IC (Intrusion Countermeasures, “ice”) in them. The mere presence of IC stops deckers from performing system operations or moving past the node, and they must either destroy or fool the IC before they can do these things. Most ice only triggers when it beats you in the opposed test to fool it. If you beat it but fail to beat the node’s base security, it remains inactive and still blocks your progress. Subsequent attempts are harder, increasing your chances of triggering the ice. Attacking IC directly also triggers it, of course.

    White ice is completely passive. It tries to raise an alarm but you can block it with your Hacking Pool. Grey ice additionally tries to trace you or attack your deck. Black Ice attacks the decker directly, and might kill them. There’s a little bestiary of different types within each category.

    Matrix turns happen at the same speed as physical combat turns, using the same initiative rules. Both types of turn last around 3 seconds.

    Run Parameters

    In the Shadowrun 1st Edition version of our run, our decker is going to be remote, and we will assume the team discovered the mainframe’s unlisted phone number during their prep phase. I’m going to take a couple of shortcuts here because those are available to me.

    For our decker, we’ll be using the Decker Archetype from the SR1 corebook. She has Computer 6, the Fuchi-4 deck with a decent spread of mods and programs, and a hacking pool of 15. I’m going to cheat a little bit and replace her Deception 4 utility with Sleaze 4, because from what I understood of the system there is no reason to ever take Deception when you can take Sleaze instead. Let’s assume she has one run under her belt and used the payout from that to upgrade her software a bit. Even with Sleaze’s larger size she can still fit all her programs in RAM at once.

    Our target system

    For our target system, we’ll be using the one from page 55 of the Mercurial adventure. Here’s a list of the ICE present in the system:

    • Node 1: Trace and Dump-4.
    • Node 2: Access-6.
    • Node 3: Barrier-3.
    • Node 4: no ICE.
    • Node 5: no ICE.
    • Node 6: Killer-4.
    • Node 7: Access-5.
    • Node 8: Black Ice-5.
    • Node 9: Trace and Burn-6, Black Ice-4.

    Node 4 will be connected to our security camera, Node 5 to the alarm and door. Node 8 will contain the evidence we seek, and the CPU at Node 9 is where we can drain their accounts because that’s how it is in the original adventure. The other data store at Node 7 has nothing of value to our runners.
