Welcome! These forums will be deactivated by the end of this year. The conversation continues in a new morph over on Discord! Please join us there for a more active conversation and the occasional opportunity to ask developers questions directly! Go to the PS+ Discord Server.

Still this Mesh hacking.

17 posts / 0 new

Last post

Fri, 2014-08-08 17:07

Raoul

Still this Mesh hacking.

Hi, so, that friend of mine would like to host a game again, and I look forward to play my hacker again. But we have a small problem: he thinks that mesh hacking is overpowered. Once I am in the node, I can do whatever I want and it would be a "I Win The Game" button. I disagree with him. But how could I convince him? I am not a very experienced player, and a walkthrough through mesh hacking would be great. I would love if my way of understanding the rules is the "right" one. Let's say that Anton the h@ck3r would like to connect to a node, and that node would be a mesh Insert, with the aim to read some Private Messages Lorelein the Hot had received from another guy. That guy would be Helmut da L0ver. So, cause Anton doesn't want Lorelei to realise it is him hacking, he wants to buy an anonymous account service. But it is illegal, so he doesn't. Instead, he'll ask his Muse to feed false mesh ID. In addition, Lorelein is really close to his position, so he wants to stealth his signals. So, he feels ready to hack those inserts! Because he knows Lorelei, he has no difficulties to find her Mesh ID. So, he inhales deeply and goes for it! He launches his exploit software and hopes he is lucky. He goes for an Admin account. 10 minutes later, he rolls a 45, he is in! Knowing he has 90 in his competence, it is a MoS of 15. It means that he is in! The muse is waching for any intrusion, so she rolls and succeeds. Anton rolls pretty well and succeeds too. So his status is spotted and the Muse informs Lorelein that there is something not normal going on. Anton has -10 on all his rolls. The muse decides to try to locate the intruder as re-autentification and reduced privilege would cause trouble to Lorelein. For this she zeroes in. Anton and the Muse both make that opposed Infosec test and Anton fails! He uses a Moxy point and succeeds finally. He decides to upgrade his status to covert status. He wins with a MoS of 36 the opposed Infosec test and gains covert status. The Muse still tries to locate the intruder but doesn't manage. Anton has now Admin rights on that node and switches the alert off. He checks the Inbox and finds that Lorelein didn't get any message from that other guy Helmut da L0ver. He can now eliminate any trace of his intrusion and disconnect. But he fails the test with a MoF of 41, he goes back to being spotted. The Muse reacts, launches a passive alert again, and zeroes in. This time with more luck and Anton is Locked, now suffering -20 on his rolls! The muse wants to know who the intruder could be, so she starts to track him. She realizes quiet fast, that he used false Mesh ID's and doesn't have the 1 hour time frame to track him back. So she decides to Lock the intruder out. Without surprise, she wins the infosec test and Anton is out. But before that, Anton had the possibility to launch a script he had prepared before: 1) Create Backdoor 2) Eliminate traces The script manages all his tests. Does this sound correct? Extra Questions: Now that Anton is out and his traces eliminated, can the Muse still try to track him? What if the script hadn't manage to erase the traces? What is the difference between privacy mode and Mesh ID, both give a -30, how are they different? Once a hacker is "in", what makes it imposible for him to simply copy the whole node, disconnect and search for his infos later before anything can be done agains him? Once an intruder is Locked in, what can he do?

—

Raoul

Fri, 2014-08-08 18:19

uwtartarus uwtartarus's picture

Hacking is tricky, also his

Hacking is tricky, also his MoS if he rolls 45 (and succeeds) is 45. It's blackjack, the higher the better as long as it is under the (modified) skill total (90 -30 for trying to get Admin privileges). 45 is over 30 so Great Success, opposed by the owner's Muse, which has to roll under it's Infosec and typically needs to be better than 45. Hacking is mostly tricky, also despite Mesh Inserts, I would use a separate Ecto for my Mesh browsing, with an attached Ghostrider that runs a KAOS AI dedicated to defense, and just avoid using my Mesh Inserts if I was really paranoid about it. EDIT:

Quote:
Once a hacker is "in", what makes it imposible for him to simply copy the whole node, disconnect and search for his infos later before anything can be done agains him?

Nothing, except if there is a ton of info, it would take time to copy it all and download it all, the defense may spot that large dump of data and stop it. But once you have Admin privileges, next to nothing stops you from copying all the data and then leaving.

—

Exhuman, and Humanitarian.

Sat, 2014-08-09 00:48

lets adapt lets adapt's picture

If I were GM in this

If I were GM in this situation, if my NPC notices an intruder connected to its mesh inserts then that NPC is disabling its mesh inserts!

Sat, 2014-08-09 06:02

Myrmidont

Disable the wireless

Disable the wireless connection for a couple of minutes, at any rate. Turning off mesh inserts is turning of the whole computer. It just depends if they are using their wireless for anything vital. Also, hacking someone's mesh inserts may not actually have their emails. After all, gaining access to my PC doesn't give access to my hotmail account. Lorelein's emails may actually be on a third party server that is constantly, actively monitored by expert AIs or infomorphs. Not even hacking Lorelein's mesh inserts would reveal a memorised login

—

Sat, 2014-08-09 14:41

Raoul

But, basically, you all agree

But, basically, you all agree the way I described it is correct. For the mails... well I thought something like Outlook which downloads everything. I am still so full of Shadowrun and a Mesh insert is a link to me. In our last game, I hacked myself an account in the Node of the Control Tower of the spaceport. Could get some infos... It looks like hacking is really ON/OFF button. Is there any tip how I can play my hacker better actually? Is there any way to make hacking a bit more interesting?

—

Raoul

Sat, 2014-08-09 15:29

lets adapt lets adapt's picture

It's not quite on/off. The

It's not quite on/off. The hacking cheat sheet is useful if you're looking for an overview: http://eclipsephase.com/downloads/voidstate_eclipse_phase_hacking_cheats... One thing that I think is worth mentioning is that if you're playing things as written then in order to do any hacking at all you need an exploit. Low level/common system (like last year's model of Creepy or Dr. Bot) exploits will exist readily, sure, but military grade firewalls and the like are simply not going to be able to be penetrated by the PCs on a whim. I'd rate personal firewalls closer to military grade than I would low level systems and finding an exploit to get past a decent firewall would probably be a session in and of its self.

Sat, 2014-08-09 16:21

Raoul

lets adapt wrote:It's not

lets adapt wrote:
It's not quite on/off. The hacking cheat sheet is useful if you're looking for an overview: http://eclipsephase.com/downloads/voidstate_eclipse_phase_hacking_cheats... One thing that I think is worth mentioning is that if you're playing things as written then in order to do any hacking at all you need an exploit. Low level/common system (like last year's model of Creepy or Dr. Bot) exploits will exist readily, sure, but military grade firewalls and the like are simply not going to be able to be penetrated by the PCs on a whim. I'd rate personal firewalls closer to military grade than I would low level systems and finding an exploit to get past a decent firewall would probably be a session in and of its self.

Yeah, I know that sheet. I don't really understand what you mean with the fact that I need an exploit. What does that mean? Kind of a known security failure? And how do you make finding an exploit in a firewall take a whole session? You mean, finding a node which is conected to the aim-node, hacking it and going up? It is a bit blurr to me. I'd be happy if you could extand a bit your answer!

—

Raoul

Sat, 2014-08-09 21:24

lets adapt lets adapt's picture

Yes, it's a security flaw

Yes, it's knowledge of a security flaw that is required before you can even attempt hack a system.

Quote:
p.331 of EP Core Exploit: Exploits are hacker tools that take advantage of known vulnerabilities in other software. They are required for intrusion attempts.

As far as length of time it'd take to find an exploit and then purchasing that info, it would depend entirely on the system in question. Like I mentioned previously, the beefier the system the less likely an exploit would available for it. And, if there was an exploit to be found, getting your hands on it before it was patched is another story all together.

Sat, 2014-08-09 22:00

ORCACommander ORCACommander's picture

this is why instead of goign

this is why instead of goign directly for reactor control you go for say the entertainment system first and once you in you can easier access the more hardened systems from within

Sun, 2014-08-10 01:41

#10

lets adapt lets adapt's picture

If your reactor controls are

If your reactor controls are on the same network as your entertainment systems then you're asking for problems. :P

Sun, 2014-08-10 06:47

#11

Raoul

Is there any game on the

Is there any game on the forum which is using the hacking rules where I could have a look on the whole process? I'd love to watch, read, a player and a GM play that.

—

Raoul

Thu, 2014-08-14 19:01

#12

Karmarainbow Karmarainbow's picture

Lets Adapt - are you sure

Lets Adapt - are you sure that exploits need to be individually purchased for each node that you wish to hack? The rules for creating your own exploits seem to imply that you use the same exploit software over a period of time for different jobs, because it gives rules for programs degrading over time. It also gives rules for spending two weeks upgrading your exploit software. My reading of this is that exploit software is something [b]generic[/b] that you need to buy which allows you to hack a variety of systems. “The mesh gear quality rules allow for players and gamemasters to make a distinction between software tools, separating the open-source, stock-repertoire exploit tools of amateur hackers from cutting-edge military-grade penetration wares. While many characters will simply buy or otherwise acquire such programs, a hacker with the do-it-yourself ethic is likely going to want to design their own personalized applications, based on their playbook of closely guarded intrusion / counterintrusion methods. To reflect the efforts a hacker character makes by designing, coding, and modifying their own customized personal arsenals, they may make a Task Action Programming Test with a timeframe of 2 weeks. If they succeed, they upgrade one of their software tools by one level of quality (i.e., from +0 to +10). Multiple Programming Tests can be made to enhance a program, but for each level add the target modifier as a negative modifier to the test (so upgrading a +0 suite to +10 is a –10 modifier on the Programming Test). Similarly, at the gamemaster’s discretion, software tools—particularly exploits—may degrade in quality over time, reflecting that they have become outdated. As a general rule, such programs should degrade in quality about once every 3 months.” (p. 247, 4th printing)

Thu, 2014-08-14 20:38

#13

lets adapt lets adapt's picture

By default, yes, I say so;

By default, yes, I say so; the entry I posted above says you need an exploit if you want to hack. Now, say, if the firewalls are similar or the same model then obviously you can use the same exploit. Also, depending on the system, you simpy need to get into a machine on a network with (domain) admin rights which then normally gives you access to every machine joined to that same domain/network, no further exploits needed. Exploits aren't generic -- they're a specific vulnerability of a specific system. An exploit that works in build 1.3.4r_3 wouldn't necessarily work for build 1.3.4r_4 of some target's firmware. If you want to simplify things and say that exploit software is a generic tool, then feel free! I am not the fun police! I just figured I'd throw my two cents in.

Fri, 2014-08-15 09:46

#14

ThatWhichNeverWas ThatWhichNeverWas's picture

Do both!

These need not be mutually exclusive options. For most small, stuff, you can probably assume that the exploit is a program with a whole package of vulnerabilities for multiple related systems, probably with semi-regular updates from the author/s, but for modern or high-tech stuff you need to find something more specific.

—

In the past we've had to compensate for weaknesses, finding quick solutions that only benefit a few. But what if we never need to feel weak or morally conflicted again?

Sat, 2014-08-16 15:02

#15

Karmarainbow Karmarainbow's picture

Thanks both. Yes, i think you

Thanks both. Yes, i think you can have the best of both worlds. My players hack often and I fear it would slow the game down if they had to source a specific exploit each time, so I prefer exploit software to be more like a suite of hacking tools, but for particularly secure systems i can see the sense in saying the standard tools are of little use. Incidentally, I think you can use Programming skill to 'identify flaws', so perhaps you could study a system and use that skill to develop your own tailored exploit.

Mon, 2014-08-18 19:16

#16

Justin Alexander Justin Alexander's picture

Raoul wrote:But we have a

Raoul wrote:
But we have a small problem: he thinks that mesh hacking is overpowered. Once I am in the node, I can do whatever I want and it would be a "I Win The Game" button. I disagree with him. But how could I convince him?

When resolved properly, hacking is a multi-step process in which multiple challenges have to be surmounted. Saying that someone who has completely executed a successful hack has hit the "I Win the Game" button is like saying that Frodo hits the "I Win the Game" button by throwing the One Ring into Mt. Doom: It's true on some level, but it completely ignores the journey necessary to reach the button and the sacrifice required to hit it. In EP there are basically two paths to executing a successful hack: First, gaining authentication for accessing the system. There are a lot of different authentication systems and a lot of different ways that you can (illegitimately) gain those authentications. But what it really boils down to is that gaining authentication is pretty much a mini-adventure in its own right. (It's mounting a heist to gain a person's biometric data. Or physically infiltrating their office to install a signal sniffer that can yank their passcode. Et cetera.) Second, simply accessing a system and then attempting to take actions on the system that you don't have permission for. Getting access to the system is not always automatic (firewalls) or might require its own mini-adventure (if the system requires a hardwired connection). Simply getting access to the system in this second scenario isn't an "I Win" button, though. Every single action you attempt requires a hacking attempt. And simple AI is ubiquitous in the EP universe, which means that every single step of the way you are ALSO facing active resistance.

Raoul wrote:
Once a hacker is "in", what makes it imposible for him to simply copy the whole node, disconnect and search for his infos later before anything can be done agains him?

Raoul wrote:
Once an intruder is Locked in, what can he do?

If his status is LOCKED, then he can still do anything he wants. He just suffers a -20 penalty to his checks and the security system can now take additional actions against him (including tracing him or locking him out). If the security system achieves a LOCKOUT, on the other hand, he's been knocked out of the system entirely and the account quarantined. The hack is over.

—

The Alexandrian

Fri, 2014-08-22 13:16

#17

Raoul

Thank you for that answer.

Thank you for that answer. So I guess the example I gave is somehow correct. Thank you for that precision about being locked.

—

Raoul