GM Core
Chapter 4: Subsystems
Hacking
Source GM Core pg. 222
A computer is only as secure as its weakest vulnerability; every computer has a terminal, and every terminal is another weakness. The hacking subsystem provides a framework for accessing computers using the versatile skill set of an entire party.
The hacking subsystem enables PCs to gain access to and control secure computers. PCs work together to discover and exploit a computer's vulnerabilities in order to help bypass the system's security without triggering its countermeasures. Using the hacking subsystem, characters who are untrained in Computers can help using magic, social skills, and more. There are two kinds of hacking encounters: simple and complex.
Simple hacking is quick, streamlined, and functions like a simple hazard. Simple computers have one access point and no vulnerabilities. Hacking a simple computer or Disabling the computer's countermeasures is a two-action activity. If the PCs have the time to gain access to a simple computer without the pressure of an accompanying encounter, you can allow the PCs up to two additional failures before triggering the computer's countermeasures. Alternatively, you can use the guidelines for building a computer to introduce a custom vulnerability or otherwise modify a simple computer, but adding more than one vulnerability runs the risk of making it a complex encounter that takes much more time to hack!
Complex hacking occurs over multiple rounds that might last a variable amount of time. During each round of a complexh acking encounter, each PC can act once, attempting to either exploit vulnerabilities, notice and disable countermeasures, or Hack one of the computer's points of access. Each time a character successfully exploits an access point's vulnerability, the DC to Hack the associated access point is lowered by the indicated value. If a character fails to Disable the access point's countermeasures or fails to Hack an access point, they accrue one failure (two on a critical failure) for that access point. Each access point has one or more countermeasures that trigger when a group accrues enough failures. Characters in the same group can act in whatever order they prefer, each taking a turn. Usually, the character attempting to Hack the computer will go last, giving the rest of the party an opportunity to disable the computer's countermeasures and lower the DC by exploiting vulnerabilities. While a group of hackers might be tempted to take their time and explore every avenue before attempting to Hack a computer, doing so is risky! During each round the PCs attempt to exploit one or more vulnerabilities, but don't attempt to Hack an access point or disable a countermeasure, they accrue one failure for an associated access point.
The hacking subsystem enables PCs to gain access to and control secure computers. PCs work together to discover and exploit a computer's vulnerabilities in order to help bypass the system's security without triggering its countermeasures. Using the hacking subsystem, characters who are untrained in Computers can help using magic, social skills, and more. There are two kinds of hacking encounters: simple and complex.
Simple hacking is quick, streamlined, and functions like a simple hazard. Simple computers have one access point and no vulnerabilities. Hacking a simple computer or Disabling the computer's countermeasures is a two-action activity. If the PCs have the time to gain access to a simple computer without the pressure of an accompanying encounter, you can allow the PCs up to two additional failures before triggering the computer's countermeasures. Alternatively, you can use the guidelines for building a computer to introduce a custom vulnerability or otherwise modify a simple computer, but adding more than one vulnerability runs the risk of making it a complex encounter that takes much more time to hack!
Complex hacking occurs over multiple rounds that might last a variable amount of time. During each round of a complexh acking encounter, each PC can act once, attempting to either exploit vulnerabilities, notice and disable countermeasures, or Hack one of the computer's points of access. Each time a character successfully exploits an access point's vulnerability, the DC to Hack the associated access point is lowered by the indicated value. If a character fails to Disable the access point's countermeasures or fails to Hack an access point, they accrue one failure (two on a critical failure) for that access point. Each access point has one or more countermeasures that trigger when a group accrues enough failures. Characters in the same group can act in whatever order they prefer, each taking a turn. Usually, the character attempting to Hack the computer will go last, giving the rest of the party an opportunity to disable the computer's countermeasures and lower the DC by exploiting vulnerabilities. While a group of hackers might be tempted to take their time and explore every avenue before attempting to Hack a computer, doing so is risky! During each round the PCs attempt to exploit one or more vulnerabilities, but don't attempt to Hack an access point or disable a countermeasure, they accrue one failure for an associated access point.
Building a Computer
Source GM Core pg. 223
Every hacker needs a computer to hack! The form a computer takes can vary greatly, from a secure technological database accessed via a holographic interface to an interdimensional tree that grows across realities and stores its data inside colorful, intangible fruits accessible only through lucid dreaming. While incredibly different and bound to sport unique vulnerabilities and countermeasures, both are computers for the purpose of the hacking subsystem.
Concept
Source GM Core pg. 223
The first step to building a computer is to develop an initial concept. What does accessing the computer allow your players to accomplish? What level is it? Is it simple or complex? Is it magical, technological, or hybrid? Does it have a virtual intelligence, or is it a living creature? Does it use remote access points, or does it require direct physical access? You should brainstorm the computer's name and description, as that can help you plan its vulnerabilities and countermeasures.
Computer Types
Source GM Core pg. 223
Most computers have the tech trait and can be hacked using skills like Computers, Crafting, and Thievery. Magic computers might incorporate programmable aeon stones or bound machine spirits that command ancient constructs and are usually Hacked using Arcana, Nature, Occultism, or Religion. Hybrid computers have the tech and magic traits, such as a password-protected spell chip or an arcane barrier controlled by a console. Hybrid computers often have different access points for their magical and technological components, but Hacking either should grant access to the computer. A computer's stat block will never be able to list every possible skill a character might use during a hacking encounter. You can use the values listed in a computer's stat block as a guideline to resolve creative, unlisted solutions to a hacking encounter.
Setting the Statistics
Source GM Core pg. 223
Use a hazard's Stealth and Disable DCs to determine the computer's DCs. Successfully exploiting vulnerabilities with a low DC should reduce the DC to Hack by 1, those with a high DC should reduce it by 2, and those with an elite DC by 3. Penalties to the Hacking DC incurred while exploiting a vulnerability are cumulative and should never be enough to reduce the DC below the low DC. The DC to notice a countermeasure is usually lower than the DC to disable it, which is always high or elite.
Simplified Quick Hacking
Source GM Core pg. 223
For a simplified quick hacking encounter, you can ask each of your players to roll appropriate skill checks to support the character(s) attempting the Hacking check. Each successful skill check lowers the Hacking DC by 1, or 2 on a critical success; a critical failure raises the Hacking DC by 1 instead.
Computer Stat Blocks
Source GM Core pg. 223
A computer's stat block is only necessary when hacking the computer is the primary obstacle. As many vulnerabilities and access points can take several minutes to bypass, consider using a single access point with no vulnerabilities or additional success benefits if your players are Hacking during an encounter. You can use this simplified method to allow players to Hack a basic computer with a complete stat block to perform simple commands, such as unlocking a door, but doing so shouldn't award XP or additional success benefits, and an additional check should be required for each subsequent command.
This provides information about the computer and its purpose.
Access Point Each access point should be noted as physical (if it requires the character to be physically adjacent) or remote (if it can be accessed from a distance). This is followed by the number of successes required to Hack the access point. The DC of skill checks that can be attempted to use the access point are listed here, followed by the minimum proficiency rank required for the skills (if any) in parentheses. Each access point is associated with its own unique vulnerabilities and countermeasures. If a computer has multiple access points, these access points (and their associated vulnerabilities and countermeasures) are listed separately.
Vulnerabilities Each vulnerability lists in parentheses the DC of any skill checks that can be attempted to exploit it, followed by a value of how much it lowers the access point's DC. Some computers don't have this entry.
Countermeasures Lists the nature of the countermeasures that trigger after reaching the number of failures in the parentheses; the DC of any skill checks required to notice and disable the countermeasures are also here. Some countermeasures have the persistent trait, meaning once they've been triggered, they automatically trigger again at the end of each ensuing round. Persistent countermeasures can be disabled even after they've been triggered, and doing so prevents them from triggering again (but doesn't erase the effects of previous triggers).
Computer's Name Computer Level
TraitsThis provides information about the computer and its purpose.
Access Point Each access point should be noted as physical (if it requires the character to be physically adjacent) or remote (if it can be accessed from a distance). This is followed by the number of successes required to Hack the access point. The DC of skill checks that can be attempted to use the access point are listed here, followed by the minimum proficiency rank required for the skills (if any) in parentheses. Each access point is associated with its own unique vulnerabilities and countermeasures. If a computer has multiple access points, these access points (and their associated vulnerabilities and countermeasures) are listed separately.
Vulnerabilities Each vulnerability lists in parentheses the DC of any skill checks that can be attempted to exploit it, followed by a value of how much it lowers the access point's DC. Some computers don't have this entry.
Countermeasures Lists the nature of the countermeasures that trigger after reaching the number of failures in the parentheses; the DC of any skill checks required to notice and disable the countermeasures are also here. Some countermeasures have the persistent trait, meaning once they've been triggered, they automatically trigger again at the end of each ensuing round. Persistent countermeasures can be disabled even after they've been triggered, and doing so prevents them from triggering again (but doesn't erase the effects of previous triggers).
Critical SuccessThis additional bonus is earned if a character achieves a number of successes equal to two times more than is necessary to Hack an access point, or if more than one access point is successfully Hacked. While this is most common for access points that only require one success, it can also happen when multiple characters attempt to Hack a computer at the same time. Some computers don't have this entry.
SuccessThe basic computer functions and benefits available when the characters successfully Hack this computer.
Sample Stat Blocks
Source GM Core pg. 224
In the simple computer example, an aeon stone taken from a defeated guard can be used to control security in an Azlanti prison. In the lower-level complex computer example, the PCs need to learn about Zo!'s unannounced show, either by hacking into the Zo! media server directly or by trying to steal his comm unit to get the information using his personal device. In the higher-level complex computer example, the PCs are trying to identify a contact using data from an AbadarCorp server.
Additional Rewards
Source GM Core pg. 225
While the hacking subsystem enhances an existing adventure, countermeasures can provide fertile ground for future encounters and threats, which makes hacking riskier than most subsystems. With greater risk comes greater reward! You can even use the hacking subsystem to supplement a character's income. Depending on the ethics of your party and the nature of the target, hackers could potentially drain funds from a credstick plugged into a hacked device, route funds from an account into a burner credstick, steal or counterfeit credentials, or transfer proprietary vidgame items onto their own devices. Information found on a computer could be extremely valuable to the right client, and might contain corporate secrets, evidence of a crime, secret magic rituals or crafting formulas, or military intelligence. You should give hints to your players when they discover these additional rewards that someone might find them valuable; perhaps allow them to Recall Knowledge checks on the spot, knowing that even if they fail, they might run into an interested contact in the future. If you're worried that these leads might slow down the game, you can make it more obvious by including the price and contact information of a potential buyer in another file on the computer.