comStar Firewall alert - PhaseThrough
comStar Firewall alert - PhaseThrough
comStar Firewall alert - PhaseThrough
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
hacker’s handbook . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
96<br />
coUnterfeiting otHer cUrrencieS<br />
There are other kinds of electronic money in<br />
the Sixth World besides nuyen, and hackers can<br />
counterfeit those too. Typical examples include<br />
national currencies (UCAS dollars) and corpscrip<br />
(Aztechnology corporate pesos). These monies<br />
are usually easier to counterfeit than nuyen but<br />
are much more difficult to pass as authentic (verification<br />
systems get +4 dice on Opposed Tests to<br />
detect counterfeits). Player characters can also<br />
generate game currencies such as those used<br />
in Matrix games to buy virtual equipment (pikucredu);<br />
game cred can be purchased with nuyen<br />
inside the game but cannot (legally) be exchanged<br />
for nuyen after purchase.<br />
A very few backward places in the Sixth World<br />
even rely on physical mediums of exchange in<br />
the form of coins or bills (see Using Forgery, p.<br />
124, SR4).<br />
optional rule: forging Sins and ids<br />
Creating a fake system identification number (SIN) requires<br />
extensive resources that most shadowrunners just don’t have; the<br />
forger must generate and insert corroborating data into a number<br />
of government and corporate databases, the names and addresses<br />
of which are not available to the general public. The fixers and<br />
syndicates who deal in false SINs and IDs have established channels<br />
and contacts that work in the issuing institutions and have<br />
multiple backdoors into the necessary databanks. Even then it<br />
can be a tedious, expensive process to produce a high-rating false<br />
SIN, and also a very personal one involving increasing degrees of<br />
personal information and biometric data depending on the rating<br />
of the fake SIN. Solo hackers and technomancers can forge their<br />
own SINs, but without the apparatus of contacts and backdoors<br />
in place the process is much longer and more difficult than buying<br />
a fake SIN. Gamemasters should think very carefully before<br />
allowing their player character hackers to dabble in forging SINs,<br />
as it can prove unbalancing. The following rules are for use at the<br />
gamemaster’s discretion.<br />
Creating a fake SIN or fake license (see Legality, p. 303, SR4)<br />
requires Matrix access (through a commlink, terminal, or a technomancer’s<br />
innate ability) and an Extended Forgery + Edit Test (see<br />
the Forgery Table, p. 95, for Interval and Threshold). Fake SINs<br />
and licenses have a rating from 1 to 6 that determines how well<br />
they stand up to verification systems (see Fake ID, p. 260, SR4).<br />
Once created, the fake SIN or license and its corroborating data<br />
must be accepted by official databases, which requires a series of<br />
system intrusions and Hacking + Edit (System, 1 hour) Extended<br />
Tests on challenging nodes; the gamemaster decides on the target<br />
system ratings and can choose to play these out or summarize them<br />
quickly with an Extended Hacking + Edit (Rating of fake SIN x<br />
System, 1 hour) Extended Test.<br />
Burnt and Stripped Sins<br />
When a SIN is exposed as a fake or is no longer usable because<br />
of crimes connected to it, it is said the SIN is burnt. A SIN<br />
contains biometric and identifying data that a character doesn’t<br />
want to fall into the wrong hands, and can only be stripped of<br />
such incriminating data. Fixers and fences who buy fake SINs (see<br />
Fencing Goods, p. 303, SR4) typically strip them automatically,<br />
but some characters might not want to take the chance that their<br />
personal data is recorded first. A character can strip a SIN with a<br />
series of system intrusions and Hacking + Edit (System, 1 hour)<br />
Tests on challenging nodes; the gamemaster decides the target system<br />
ratings and can choose to play these out or summarize them<br />
quickly with an Extended Hacking + Edit (Rating of fake SIN x<br />
System, 1 hour) Test.<br />
When a SIN is burnt or stripped, the character loses all online<br />
accounts, licenses, DocWagon contracts, rental agreements,<br />
deeds for property, and legal debts tied to that SIN.<br />
optional rule: forging passkeys<br />
A passkey (see Passkeys, p. 64) contains an encrypted code<br />
that, combined with a valid passcode, allows a user access to a<br />
system. The encrypted code is incremented or scrambled every<br />
time it accesses the system, which means the code changes with<br />
every use. A dedicated character could forge a copy of a passkey,<br />
but it would require at least a schematic of the passkey and a copy<br />
of its firmware. The forged passkey (if made correctly) would be<br />
good for one use only—and it would have to be used before the<br />
actual passkey is used, or the code won’t work. If someone uses<br />
a forged passkey to access an account, the original passkey no<br />
longer functions correctly, and spiders or admin users will know<br />
that the last time the account was activated, it was done with a<br />
forged passkey.<br />
Given these limitations, most shadowrunners choose to steal<br />
or “borrow” passkeys; especially more advanced nanotech and alchemical<br />
passkeys, which require special facilities and equipment<br />
to manufacture.<br />
expLoitS<br />
Not to be confused with the Exploit program, an exploit is<br />
a loophole, a code flaw, or other software error that a hacker can<br />
take advantage of (in other words, an exploit is what the Exploit<br />
program is designed to find, from a built-in database of security<br />
flaws, and take advantage of ). A hacker that discovers a new exploit<br />
(i.e., one that software and security vendors don’t know<br />
about and haven’t plugged yet, and that hasn’t even circulated<br />
through the hacker underground) has a decided advantage when<br />
dealing with the subject of that exploit. The hacker gains a +2 dice<br />
pool modifier for a Hacking or Cybercombat Test targeting that<br />
specific exploitable software (a particular brand of agent, program,<br />
firewall, or operating system).<br />
Finding a new exploit requires research into the already existing<br />
exploits available for that piece of code and detailed analysis<br />
of the code itself, while also requiring a successful Extended Logic<br />
+ Hacking (10 + rating, 1 day) Test. Every time the new exploit<br />
is used, there is a chance that the exploit is plugged and no longer<br />
works—the hacker won’t know for sure until they try to use the<br />
exploit and it fails.<br />
Exploits aren’t restricted to a single system, so even if an exploit<br />
is plugged in one system, there’s a chance it will still work on other<br />
systems, until news of its existence spreads at least. Known new exploits<br />
are always plugged when a new patch arrives for the software.<br />
Unwired<br />
Simon Wentworth (order #1132857) 9