[toad]

Could someone lay out how they would work the game mechanics in a situation like this.

The party is attempting a getaway, and being chased by a Lone Star or Corp helicopter. The party hacker wants to disable/crash the helicopter?

[tzizimine]

Well, there's a number of ways to crash it, but assuming the hacker is doing it (and not a mage or spirit or street sam with a really big gun), here's how it goes.


1. Before anything, the hacker and the copter need to be in AND STAY IN Mutual Signal Range. Given that a Lone Star copter, straight out of the book, would be a security vehicle, the on-board node for it would have a Device Rating of 4 (meaning the Firewall / Response / Signal / System attributes would all be 4). Note, this assumption is one of the biggest things that causes this entire process to fail. For example, a copter that knows it's being hacked and doesn't need constant contact with HQ or drones could lower it's Signal rating voluntarily. But assuming it doesn't...


Mutual Signal Rating of 4 = 1 km (SR4A, pg. 222).


2. If the copter's node (which we'll just refer to a the copter from now on) is running in Active or Passive mode, then the hacker is automatically aware of it as soon as it is in Mutual Signal Range. If it is running in Hidden Mode, there will need to a Detect Hidden Node test. Which mode the copter is running in is largely dependent on what the copter was doing before it started chasing the runners. If it was patrolling, it was probably in Passive Mode. If it was explicitly dispatched to get the runners, it was probably in Hidden Mode. Changing the mode is so easy to do, however, that the only reason it wouldn't be in Hidden mode is if the copter was in Passive mode and was surprised by what the runners did and didn't think to change modes.


Detect Hidden Node Test: Electronic Warfare + Scan (4 or 15+, Complex Action, SR4A, pg. 230).


The difference in threshold is based on if the hacker knows where the copter is, i.e. can see it or otherwise detect it before trying to detect the hidden on-board node.


3. Assuming the party does not have the decryption key for the copter and that the copter is has Encrypt running (which is so inexpensive and common, it would be foolish not to), then the hacker needs to break through the Encryption on the copter. Now, this is another aspect that can foil hacking attempts. Since the desired goal is to crash the copter, one needs access to the node in the copter itself, not to one of the slaved devices (i.e. drones) that might be coming with the copter. According to the Strong Encryption rules in Unwired, it is possible to spend time (and nothing but time) to thoroughly encyrpt a node, making the time interval for each Initiate Cryptanalysis test equal to the time spent, to a maximum of 24 hours per test. Given that fights in Shadowrun usually take only seconds, waiting for the decryption can pretty much prevent in-combat hacking. But, assuming that the copter isn't using Strong Encryption...


Initiate Cryptanalysis Test: Electronic Warfare + Decrypt (2x Encrypt Program, 1 Combat Turn, SR4A, pg. 230). Once the Test is started, you do not need to spend actions continuing it. It runs by itself and you wait for it to finish. Note: This test does not benefit from any teamwork test.

Given that the Device Rating on a Lone Star copter is a 4, the (typical) maximum program rating running on it is also 4. So the threshold on this will probably be 8.


4. Once the encryption is broken, one needs actual access to the copter. This is a Hack-On-The-Fly test. Given that the copter is probably being piloted by an actual person (either on board or rigged), you will also need admin access to have a chance to boot them off to control copter, since a copter can only accept commands from one account at a time.


Hack-On-The-Fly Test: Hacking + Exploit (Target's Firewall +6 for admin access, 1 Complex Action, SR4A, pg. 235). Each time you make this test, the target node gets a Firewall + Analyze (Your Stealth Program). If successful, the Firewall increases by 4 and the node is considered 'on alert'. If you are successful, you automatically log on with the completion of the test.

Given, again, the Device Rating of 4, threshold for this test is likely 10 (4 + 6) and the copter gets a Dice Pool of 8 (Firewall 4 + Analyze 4) to beat your Stealth Program.


5. Assuming all of this is successful, and we talking about a minimum of 1 Combat Turn and 2 Complex Actions, then you are logged into copter as an admin and it is entirely possible that the pilot does not know that you are in his system. Depending on the situation, the pilot himself may only be logged into the copter as a security personnel, in which case, you can spend a Complex Action to terminate his connection, leaving you in control of the copter to do with as you wish. But in case they also have an admin account, then it becomes a matter of who can dump who first.


5a. Cybercombat Option: Chances are good that riggers do not have the programs loaded to defend themselves well in cybercombat. A few Complex Actions of Cybercombat + Attack versus a poor Cybercombat Defense and Soak and you might just off-line their system.


Cybercombat Test: Cybercombat + Attack Program / Blackout Program / Black Hammer Program vs. Response + Firewall (SR4A, pg. 236). Net hits add to Attack Program Rating for Matrix Soak


5b. Shift Mutual Signal Range: If the copter is remotely controlled or remotely rigged and you are closer to it than the original pilot, change the Signal Rating so you are in Mutual Signal Range and they aren't, but obviously doesn't work if the pilot is on-board.


Shift Mutual Signal Range Test: Electronic Warfare + Command (1, 1 Complex Action, SR4A pg. 229 as Control Device).



At this point, it is has been at least 2, if not 3 Combat Turns to hack into a copter and force it too crash. Assuming that the fight has lasted this long, you are either doing a very good job of keeping buildings and bridges between you and the copter or have a significant distance advantage. During that same amount of time, the mage in the party could have summoned a spirit with the Accident Power and sent it after the copter, using a dice of 2x Force vs. the 2x Intuition of the pilot to cause a Crash Test, or the gunners could have some luck in shooting it from the sky. And this is all assuming the security spider back at HQ didn't spend the 15 minutes necessary to turn that 1 Combat Turn time interval into a 15 minute time interval, in which case he will be getting fired for such a costly rookie mistake.


Honestly, hacking in combat really only happens if you are on the defense, protecting your teams assets from being hacked, or you have the decryption key and have spent time detecting the hidden node and hacking-on-the-fly as part of an ambush.

[tzizimine]

As kind of a follow up, here's how I envision such a scenario coming about.

The party is successful, but noisy, in stealing something important from a facility downtown. For sake of simplicity, they are at full resources as they are leaving in the typical rigger van, but an alarm gets tripped that the party actually knows about.

The hacker, being paranoid is Detecting Hidden Nodes, using the 15+ threshold, while the other runners are Observing in Detail for any signs being followed, both on the ground and in the air. The alarm gets a helicopter, again full resources but not using Strong Encryption (the security spider was just about to that), leaving the helipad in Hidden Mode. Once the two opposing vehicles are within 1 km of each other, scans are going. Assuming the helicopter is travelling faster than the party is driving (straight line vs. roads, no traffic, etc) but has to look for the party...

Hacker's Detect Hidden Node DP: 14 (Electronic Warfare 6 + Scan 6 + 2 for being in VR) vs. threshold of 15.
Copter's Detect Hidden Node DP: 10 (Electronic Warfare 4 + Scan 4 + 2 for being in VR) vs. threshold of 15.

The hacker will detect the copter just before the copter detects the rigger van, leaving the hacker just enough time to spout off "Copter in 30" through the internal speaker on his commlink, warning everyone else. As the copter approaches, the hacker is attempting to break through the encryption, while the rigger and the copter pilot attempt to out-pace each other.

Rigger's Driving DP: 13 (Reaction 6 + Pilot Groundcraft 6 + 2 for rigged -1 for Handling) vs.
Copter Pilot's Driving DP: 15 (Reaction 6 + Pilot Aircraft 6 + 2 for rigged +1 for Handling)

Even though the copter gets a few net hits, it's only enough for the confirm what the hacker warned... that the copter will be in visual range in 30 seconds (10 Combat Turns).

During this time, everyone else in the party is getting anxious and paranoid, double checking weapons, etc. The hacker is Initiating Cryptanalysis.

Hacker's Initiate Cryptanalysis Test DP: 14 (Electronic Warfare 6 + Decrypt 6 +2 for VR) vs. Threshold of 8 (2x Encrypt 4, 1 Combat Turn).
First Roll: DP 14, 3 hits, Total 3
Second Roll: DP 13, 3 hits, Total 5
Third Roll: DP 12, 3, Total 8

3 Combat Turns later, the hacker has the encryption broken. Now he tries to get in.

Hacker's Hack-On-Fly Test DP: 12 (Hacking 5 + Exploit 5 + 2 for VR) vs. Threshold of 10 (Firewall 4 +6 for Admin Account, 1 Complex Action)
First Roll DP: 12, 3 hits, Total 3.... Copter's Firewall 4 + Analyze 4 = DP: 8 vs. Hacker's Stealth Program of 5... 3 hits: Not detected
Second Roll DP: 11, 3 hits, Total 6... Copter's Firewall 4 + Analyze 4 = DP: 8 vs. Hacker's Stealth Program of 5... 5 hits: Detected, Firewall Increases by 4
Third Roll DP: 10, 3 hits, Total 9
Forth Roll DP: 9, 3 hits, Total 12 (Note that threshold increased from 10 to 14 when the hacker was detected)
Fifth Roll DP: 8, 2 hits, Total 14... Hacker has logged into the copter as admin

Another 2 Combat Turns later at the hacker is into the copter, the pilot was alerted and loaded an agent lightly geared for cybercombat
Hacker's Cybercombat DP: 10 (Cybercombat 4 + Attack 4 + 2 for VR) vs. Agent's DP: 8 (Response 4 + Firewall 4)
Agent's Cybercombat DP: 8 (Rating 4 + Attack 4) vs. Hacker's Defense DP: 12 (Response 6 + Firewall 6)
Hacker's First Attack: DP: 10 vs. DP: 8 = 1 net hit + Attack 4 = 5 boxes of matrix damage to agent. Agent Soak DP: 4 (Firewall 4)... Soaks 2, takes 3 boxes
Agent's Attack: DP 7 (Rating 4 + Attack 4 -1 Wound Penalty) vs. Hacker's Defense DP: 12... no net hits
Hacker's Second Attack: DP: 10 vs. DP 7 = 2 net hits + Attack 4 = 6 boxes. Agent Soak DP: 4, soaks 1, takes 5 boxes, total 8
Agent's Attack: DP 6 (4 + 4 -2 wound penalty) vs. DP 12... no net hits
Hacker's Third Attack: DP 10 vs. DP 6 = 2 net hits + Attack 4 = 6 boxes. Agent Soak DP: 4, soaks 3, takes 3, total 11, crashes

Another Combat Turn later and the agent is crashed. The hacker then boots the pilot off because he only has a security account and controls the helicopter right into an overpass

Command Vehicle DP: 10 (Command 6 + Pilot Ground Vehicle 2 + 2 for VR) vs Threshold 1. Vehicle automatically fails Crash test and vehicle and passengers take damage as if it rammed itself, based on current speed.


So, 6 Combat Turns later (18 seconds), the helicopter, in pursuit of the runners, doesn't even get into line of sight as the hacker crashes it. However, this also assumes that the pilot can't or won't shift Mutual Signal Range to only 100m or 400m until it gets a visual, thus maintaining the element of surprise for that much longer...

[Medicineman]

Tzizimine's explizit Posts deserve a big Applause 

HougH!
Medicineman

[JustADude]

Well, there's a number of ways to crash it, but assuming the hacker is doing it (and not a mage or spirit or street sam with a really big gun), here's how it goes.

My group has had a couple attack choppers come at it in its time. Both times it ended in a single IP.

1^st Encounter
Street Sam w/ HV Battle Rifle = 2x Long Burst @ 18 dice (Ex.Ex.)
Street Sam w/ Barrett = 2x Shoot @ 20 dice (APDS)
*BOOM*

2^nd Encounter
Mage = Force 12 Lightning Bolt^*
Street Sam w/ Barrett = 2x Shoot @ 20 dice (APDS)
*BOOM*

And in that second encounter, the sniper actually did more than enough damage to have dropped the chopper without the Mage's help... so, yeah, combat hacking's not really worth it, IMO.


*Dunno about strict raw, but the way our our GM ruled on Electrical Damage is that it does damage to vehicles & drones even though it's Stun, via frying/mellting/fusing essential bits of hardware.

[Mirikon]

Well, if you have people with big guns, then big guns are a good way to go. If you don't, or if you want something more than just 'copter go bye-bye', then hacking is a viable option, especially if the copter doesn't know you're there.

When you hack the vehicle's node, you have control of a lot more than just making the copter crash. You can, for instance, make the copter shoot the people who called in air support. Or you can crash it into a specific target.
http://www.youtube.com/watch?v=RW_hGOFukMQ

[JustADude]

Well, if you have people with big guns, then big guns are a good way to go. If you don't, or if you want something more than just 'copter go bye-bye', then hacking is a viable option, especially if the copter doesn't know you're there.

When you hack the vehicle's node, you have control of a lot more than just making the copter crash. You can, for instance, make the copter shoot the people who called in air support. Or you can crash it into a specific target.
http://www.youtube.com/watch?v=RW_hGOFukMQ

If they don't know you're there I wouldn't really call it "combat" hacking.

But, yeah, I'll give you that. If time permits then subverting the chalk is definitely the best option.

[toad]

Tzizimine's explizit Posts deserve a big Applause 

HougH!
Medicineman

Yes, thanks tzizimine, that was a great write-up!
Exactly what I was looking for. The books should have more examples like this.

[tzizimine]

Tzizimine's explizit Posts deserve a big Applause 

HougH!
Medicineman

Yes, thanks tzizimine, that was a great write-up!
Exactly what I was looking for. The books should have more examples like this.

You're welcome, everyone. I will say that the Anatomy of a Shadowrun from the Runner's Toolkit does do a decent job of what a session looks like, both in character and with a behind-the-scenes look at the tests and dice pools. But it doesn't cover every scenario and sadly, there are plenty of scenarios that don't play out as one would expect based on what gets hinted at in the books until you actually try to run it.


It is because of these scenarios that I try to warn some of the new players in my group that certain tactics just don't work, either without a lot of prep work or not at all. The example I gave above was assuming some pretty dumb mistakes that even decent corporate security guards wouldn't make.

[Murrdox]

I second the fantastic write-up on this.  My group has yet to deal with a security chopper.  They've dealt with a few pursuing vehicles though.  They never tried to actively take control of the vehicle to this degree, however they did send an Agent to crash the OS of the vehicle.  It ALMOST worked, except the Rigger driving the vehicle managed to crash the Agent first.

That was a very strange scenario to play out.

The Rigger was driving the vehicle, and at the same time attempting to fight in Cybercombat with the Agent.  At the time, I think I ruled it that he could both engage in Cybercombat, AND drive the vehicle, but he could only do one or the other with each Initiative Pass, and he took a -2 to the dice rolls for both skills while doing so.

Looking back on it, I probably should have ruled that he CAN'T do both of these things at the same time.  He'd have to turn over control of the vehicle to the onboard Pilot to engage in Cybercombat.

[tzizimine]

As I mentioned before, the example above does assume some pretty dumb mistakes for anyone that does Matrix security.


The first of which is the shifting of Signal Rating. There are plenty of times during the course of a run that either the party or the opponents should drop the Signal Rating. The biggest reason to do so when the threat of being hacked outweighs the need for long distance communication.


For those teams that keep themselves spread out over the target area, the Signal Rating should be no higher than the minimum needed to stay in contact with one other person, given that the dynamic auto-relay described in Unwired still allows for full-party communication so long as there is a string of hops, not full matrix subscriptions, that connect person X to person Y. For situations where centralization is needed, like a Tacnet, Signal rating should be no higher that what is needed to maintain connection to the central node handling it. In situations where communication is not needed, or handled through some other means (i.e. magical telepathy, mutual line of sight, etc), the Signal Rating should be just high enough to handle the matrix needs of your toys (guns, drones, etc). And unless you are a rigger or wanna-be rigger, keeping this at Signal of 0 is just fine.

In order to be hacked, you need to be in Mutual Signal Range, so limiting the distance between you and your attacker means you can help prevent the element of surprise as well as combat effectiveness. If your MSR is 3m and you physically run from the hacker, you can quickly severe any direct commlink-to-commlink connection.

The second is the use of Strong Encryption from Unwired. Now, I'll admit I wasn't thrilled about how this option was presented, because all you need is some extra time to all but make yourself unhackable, but that is how it is written so we go. Spend some time setting up your Encryption program on your commlink each and every time you turn it on. Five minutes is good. 15 is better. An hour is bordering on paranoid and 24 hours is really paranoid. You have now just set the time interval to break that encryption to that same amount of time spent, maximum 24 hours. This only affects the actual node of the commlink, not any of the files (that takes separate time windows to do) or any of your toys (which can't use Strong Encryption because of the use of Signal for communication). So even if you have an Encryption program of 1, the threshold might only be 2, but the time interval could be up to 24 hours.

Now, given the needs of corporate environments, bureaucracy, red tape, time dead lines and sheer laziness, the most time I can see spent on a single wage slave's commlink is 15 minutes and that's assuming the commlink is running 24/7 with the occasional maintenance window. For main, common use nexii, I see a max of an 1 hour, in the event that it goes down, it will take at least an hour to re-set up the encryption. For high-end secure nexii, between 6, 12 or 24 hours based on how often the nexus would ever go offline. For this reason, it is imperative for runners to find encryption keys, as it is often the only way to get through Strong Encryption in the short windows of time runners often work in.
[/size]
[/size]I don't know if this was the intention of the writers when they went over Unwired and SR4A to make hacking this complicated, but as in the real world, social engineering is a bigger threat that computer security.