Embed Size (px)
Citation preview
2
This PDF is published under the Creative Commons License:
GM Tips: Computer Hacking in RPG by Johnn Four is licensed
under a Creative Commons Attribution-NonCommercial-NoDe-rivs 3.0 Unported License.
Based on a work at www.roleplayingtips.com.You are free and encouraged to Share — to copy, distribute
and transmit this PDF, especially to GMs who run modern and sci-fi games.
I’ve added links to the tips when readers mentioned websites, games, movies and books. Any URL errors are mine, not the tipsters’.
Some links go to Amazon.com or RPGNow.com and are affili-ate links, which means Roleplaying Tips might make a few silver pieces if you make a purchase. I like Amazon links because you can at least get ISBN numbers, cover images and publisher information in one easy spot (and ‘cause i’m too lazy to do a proper bibliography :).
Product names, logos, brands, and other trademarks featured or referred to within this ebook are the property of their respec-tive trademark holders. These trademark holders are not af-filiated with Roleplaying Tips. They do not sponsor or endorse Roleplaying Tips or this ebook.
Credits & Legal
Produced byJohnn Four,
RoleplayingTips.com
eBook Design byJoshua JohnsonNascent Studio
Page Background Map byDyson at
Dyson Logos
ContributorsAlexander Ulmer, Andreas, Bryan Ray, EvilKnight, Ffej,
Herb Schuttler, Justin Thomason, Lee Barklam, Mark of the Pixie, Mike Bourke, Peter, in the Netherlands,
Ria Hawk, Rob Donovan, Rob Eaglestone,Stephen Earle
Comments, errors or questions? [email protected]
3
Table of ContentsLet Players Tell You What They Want From The Story .........................................................................11
EvilKnight
Use Skill Challenges With Choicesx ......................11Josh Barker
Try Cyberpunk 2020 ................................................12Andreas
Use A Mastermind Word Puzzle .............................12Lee Barklam
Some GM Advice .....................................................13Rob Donovan
A Few Ideas ..............................................................14Ria Hawk
Another Sleek System.............................................15Bryan Ray
The Nuances Of Computer Use In A Simulated World ........................................................................16
Mike Bourke
Would You Like More GM Tips? .............................23
GM Resources .....................24
Forward ..................................4Hacking Tips ..........................5A Simple Simulation ..................................................5
Rob Eaglestone
Run The Hack As A Sudoku Puzzle .........................6Justin Thomason
Use Regular Traps Skills...........................................6Alexander Ulmer
Use a Flowchart System ...........................................7Peter, The Netherlands
Hacking = Many Skills ...............................................8Ffej
Game Suggestions + Just Treat It like Combat ......8Mark of the Pixie
Mimic Deus Ex ...........................................................8Herb Schuttler
A Simple And Expandable d20 Method ...................9Stephen Earle
4
In Roleplaying Tips newsletter issue #536 a reader made a Tip Request for GMing computer hacking.
I posted the request and readers replied with some awesome tips and ideas, which appear in this free PDF for you.
Here’s the original request:Hi Johnn,I’m currently running a sci-fi future campaign where computers
are an integral part of space station and starship security.The rules include skills that allow dice rolls to hack com-
puters. This is fine for the random security door or the like, but feels too random and flavorless to me to have more important events hinge on it (like when you are in the bad guy’s empty lair trying to extract secrets from his computer without tripping any alarms).
I’m not asking for a whole game built around computer use, but are there any interesting ways you or other DMs handle computer hacking?
Following are the tips I received, which include some clever and simple mechanics. I think my favourite is Mike Bourke’s solution, which I’ve placed at the end. It offers me more as an RPG vehicle beyond dice rolls.
However, all the tips here are fun and usable, so I hope you get good value out of this freebie.
Thanks to all the Roleplaying Tips readers who responded to the Tip Request!
Forward
5
Hacking Tips
A Simple SimulationRob Eaglestone
Johnn,
Each ‘hacking turn’ consists of two actions, taken from a spe-cific list of actions.
One possible action is a ‘spoof’ program that disguises the user’s process. It requires a successful hacking task roll. A failed hacking task roll increases the computer system’s alert level.
Not performing a spoof each turn will automatically increase the computer system’s alert level.
The alert level specifies what sort of obstacles the player will have to face:
Green. The system is unaware of any security breaches. No countermeasures are in effect.
Amber. The system is randomly checking credentials of all running processes. Treat as an NPC with hacking skill at-tempting an opposed hacking task against the player; on a suc-cess, the player must spend his action in an attempt to spoof the credentials-checker. On failure, the system immediately moves to alert level Red.
Red. The system is on lockdown, and every process is being shut down. The player will be logged out (or worse) at the end of this turn.
Typical actions involve searching for data, disabling or ena-bling physical alarms in buildings, activating or deactivating cameras, and so on. These sorts of actions typically are auto-matic, and do not require a task roll.
Special actions include attempting to spoof a counter-intrusion program, and attempting to reduce (or increase) the alert level of the system. These both require a successful hacking attempt to succeed.
I have two additional items that can be added, or not.
1) Tracking. At the alert Red level, the system performs a hacking task against the intruder each turn. On success the system has located the source of the intruder, including a street address, and only then initiates a shutdown.
2) Codes. The actions available to an intruder are, essentially, programs. They are used to show a general risk level in certain actions, due to the number of steps needed to complete them.
QRY Executes a search for a specific chunk of data. The search is free, but the result can be “found” or “not found” – but never “not here.” The player never knows if the file is present or not, though with enough searching he can be reasonably certain.
DNL Downloads a searched file. Always succeeds.
DVC Activates or deactivates a data feed on a physical piece of equipment connected to the network. Always succeeds.
6
The data may be observed, but is only recorded on the net-work, and therefore must be downloaded for detailed analysis offline.
CHK Analyzes found or recorded data while still online. If this task roll fails it will raise the alert level of the system.
SPF Attempts to spoof an anti-intrusion program.
CLR Attempts to clear the system down one alert level.
ALT Increases the alert level of the system.
If the network is divided into “rooms”, then a MOV code would also be appropriate.
Run The Hack As A Sudoku PuzzleJustin Thomason
I don’t play in any SciFi games, but I did have a thought on making computer hacking more engaging. I thought of the Mass Effect video game computer hacking system - it turns breaking into a computer into a quick mini-game where you have to pick out matching code from a bunch of options streaming past - it is quick, effective and fun in its own right.
My thought was finding some visual paper based puzzles online and printing them out for the players (with the solution behind the screen).
Sudoku comes to mind because it is easily scalable by giving the player more or fewer numbers to start. Here are some free Sudoku puzzles.
The puzzle with an egg timer could work well I think. Give the players a minute of real time per round of game time or
something like that to make it a timed challenge.Using the d20 model, the player could also attempt skill
checks to get pieces of the puzzle from the DM (numbers filled into the Sudoku grid for instance) or possibly to buy more time on the clock. Beating the DC would give one clue; beating the DC by a lot could give multiple pieces of the puzzle. Failure could result in no penalty or losing time from the clock. At the GM’s discretion, a truly botched roll might set off an alarm.
Obviously this wouldn’t be for everyone, but my guess is most groups would be willing to give it a shot, especially with a GM who has all the particulars laid out so it plays swiftly and easily.
Use Regular Traps SkillsAlexander Ulmer
I have not playtested this method, but it would seem using the rules as written and applying the computer hacking skill repeat-edly to each situation—much like the pick locks/disarm traps skill that would apply to a door or chest in a fantasy campaign—should work well.
If the computer is heavily secured, there may be a penalty to the dice roll, while a weak password might allow for a bonus. But even worse would be hacking the hardware and software to obtain the desired file only to find that it has been encrypted.
Imagine the player’s surprise when they open the file labeled Secret Doomsday Plan only to find a picture of a pastoral land-scape with a flock of sheep.
The image is incredibly sharp because of the density of the pixels used to create it. Even if the players figure out that the plans are actually spelled out on one of those pixels, how to figure out which of the million pixels is the one that contains the plans?
7
You might also want to consider reading some Shadowrun literature to see how they handle hacking in that setting. I have seen examples where the effort at hacking becomes an adven-ture in itself, where the hacker enters the system, almost like the matrix, and where failure can have consequences in the real world!
Use a Flowchart SystemPeter, The Netherlands
Hi Johnn,A few things that spring to my mind reading your question to
spice up this RPG element are:Use a kind of flowchart approach like in the old D&D/Gamma
world TSR products that simulated learning new weaponry.Another good example is the module where D&D players enter
a crashed space ship:
Reading Comprehension Modifier
INT or WIS of 9-12 – no adjustmentINT or WIS of 13-15 – minus 1 to rollINT or WIS of 16-17 – minus 2 to rollINT or WIS of 18 – minus 3 to roll
Source: http://poleandrope.blogspot.com/2009/08/bibliomania.html
More ideas
◊ Follow the skill challenge approach as used in DnD 4th Edition, either straight from the book or modified, and let the players explain what they are doing when making a save
◊ Use a real computer/iPad with some kind of simulation/puzzle found on the web
◊ Combine these elements mentioned above◊ Make it into a A vs. B simulation where one player is the
hacker and the other ‘plays’ the computer system responding
8
Hacking = Many SkillsFfej
A lot depends on how realistic you want to be the game to be.GURPS is the system that I’m familiar with, and one inter-
esting phrase in the basic rule book is in the description of the computer hacking skill...
This skill is cinematic, and simulates the way computer intrusion works in many movies and novels. It does not exist in realistic settings!
Realistic “hackers” should learn a combination of Computer Operation (to exploit OS loopholes and run intrusion soft-ware), Computer Programming (to write intrusion software), Cryptography, Electronics Operation (Communications or Surveillance), Electronics Repair (Computers), Fast-Talk (to convince legitimate users to reveal passwords), Research (to find documented security holes), and Scrounging (to “Dump-ster dive” for manuals, passwords on discarded sticky notes, etc.).
Pretty vague I know, but if you do use the GURPS system then you’re in luck because this issue of Pyramid ($8) has a detailed set of rules for futuristic hacking.
It’s based on a list of programs that hackers and countering security systems would be using. It might be usable in other sys-tems by treating them the same as skills or spells in your game.
Game Suggestions + Just Treat It like Combat
Mark of the Pixie
There are several options:◊ Cyberpunk and Shadowrun both have lots of hacking stuff◊ Spycraft also has extended computer hacker rules◊ Yags computer is another one.◊ You can get some sets of cards which can be played as a
mini-game to represent hacking. (There is also the Netrun-ner CCG game, but that would swallow a big chunk of your session.)
I just translate hacking into a combat analogy. Break the hacking skill into attack, defense and health skills (easiest is to say they must average to the original stat). You can then treat each hack as a combat and use all your exciting combat tricks to make the hacking exciting.
Mimic Deus ExHerb Schuttler
I’ve just started playing through the videogame, Deus Ex, and I’ve been rather impressed by the way they handle hacking.
Each system, be it a door, or a safe, a computer, or an alarm pad, has a system rating, 1 through 5. If your character does not have the proper hacking skill, he cannot hack some terminals. For instance, a hacker with 3 points in his skill cannot hack a level 4 terminal.
Once inside the system, the player is presented with a small map of “nodes”.
9
There are often multiple paths from your entry point to your goal, but you have to attack and capture nodes along the path to progress along.
Each node has its own rating, too! And while you can capture nodes with a higher rating than yours, your chances of success are statistically impacted based upon the difference between your own skill rating, and the node rating.
For instance, a level 1 node might have a 15% chance of triggering a “trace,” whereas a level 2 node might have a 35% chance. Once triggered, the trace will try to track down the hacker by taking over nodes itself, following its own path to-wards the hacker’s point of origin. A countdown clock, related to the difference between player skill and system rating, counts down how much time you have to capture the final goal.
In the videogame, being traced all the way back to origin point kicks you out and sets off an alarm, and locks the system down for half a minute before you can try again, but your game could impose other penalties.
Not all nodes are created equal. Some are simply worthless transit points, some are data libraries (which can give valuable stuff if they’re captured), some are little action scripts, spam-ming the trace function, or redistributing points of rating among nodes.
So, if your players just want to go from point A to point B, they may, but if they also want to see what kind of info they can squeeze out of the data libraries, they’re going to have to cap-ture more nodes–and raise their risk of detection!
A Simple And Expandable d20 Method
Stephen Earle
The new Deus Ex game has a neat little hacking system that I was wondering about adapting for use in games.
The gist is you have a starting node, an objective node, a security hub and a number of nodes in between. Each node has a rating between 1 and 5 that dictates how long it takes to take control of it and how likely you are to trigger the security hub in doing so.
Put it in, say, D20 terms - you start in a Rating 1 Entry Node, with a Rating 1 Node next door, and a Rating 3 Objective Node after that. Also off the Rating 1 middle node is the Rating 1 Security Hub.
E(1)|
N(1) - S(1)|
O(3)
10
Each node takes a number of combat turns equal to its rating to capture. In the last turn of capturing it (or every turn while capturing it) you throw a D20 to see if the system goes on Alert.
Let’s say each Rating point increases the chance of detection by 10%. So a Rating 1 causes Alert on a 19-20, Rating 2 on a 17-20, etc.
Example Intrusion
In the above example, you start in control of the Entry Node, move and seize the middle Node in 1 combat turn, roll a D20 and either get a 1-18, in which case all is well and you can seize the Objective Node and control of the system without problems, or get a 19-20, in which case the system goes on Alert.
Once on Alert, the Security Node takes control of all Nodes adjacent to Nodes it controls, so as you move on and start the 1st combat turn to take the Objective, it takes control of the middle Node.
In the 2nd combat turn of taking control of the Objective Node, it starts to take control of the Objective Node and takes control of the Entry Node, at which point it’s traced the source of your signal and locks you out of the system.
More Options
And that’s it for simple stuff. The game included complex systems, with some paths between nodes being one way only, and the ability to increase a nodes rating and to increase your stealth, reducing chances of detection when capturing a node, as well as virus software that lets you automatically capture a node successfully and quickly, plus another virus that paused the security hubs response.
You can build all sorts from there depending on the system. In Shadowrun (a D6 system) you have Attack programs and
Defense programs, Stealth programs and Jamming pro-grams. Each already has a 1-6 rating system, which is the number of D6s rolled in a test, so that translates well.
You immediately have a choice between bludgeoning through a system or stealthing. Let’s make the rule that an Attack only takes one turn to control a node but automatically triggers Alert status. Stealth takes the Node Rating in turns and has to roll a test against the Node Rating each turn, with one success being enough not to raise an Alert.
Some systems might need multiple Alerts or Flags before they’d activate countermeasures, others would be hair trigger.
Defense programs are rolled as a test against the Node, taking a combat turn, with each success improving the Nodes rating by one, but you then have to roll a Stealth test against the new Node Rating or trigger an Alert.
And it goes on, with the potential to put in nodes that repre-sent specific features on a system, so you don’t have to hack the entire system to crash the security cameras, but you do to unlock all the doors, or something similar.
Include Nodes which can help you and Nodes which can hinder you or threaten you.
Adjust the threat level from the Security Hub gaining control of the Entry Node being a lock out to physical damage every turn until another PC unplugs you.
Adjust the rating on the Security Node to make it faster or more dangerous.
Make it necessary to complete actions within the Objective Node before unplugging from the system.
It’s a system with the potential for as much complexity as you need, but at the core has a single simple basis.
11
Use Physical Representation
It’s also extremely easy to physically represent with some coloured beads and a mass of D6s, plus a PC token. Put out clear beads for uncontrolled nodes, with a dice next to each with its rating.
As Nodes are taken over, replace the bead with the PCs’ colour. Save red beads for the Security system, and use a little marker for where in the system the PC is currently, allowing them to move to anywhere in the system adjacent to some-where they control before taking the round’s actions.
If you have a copy of the Settlers of Catan board game (and everyone should!) you have immediate links between nodes from the road pieces, and a robber token to represent the player, plus buildings for nodes, all of different colours.
Alternatively, you can buy packs of the same at no great cost, or make them with two seconds of cardboard cutting and a spray can or marker pen.
Let Players Tell You What They Want From The Story
EvilKnight
I would take a page from Burning Wheel where failure does not necessarily mean they fail, it just means they have complica-tions to getting that information:
◊ They set off alarms◊ Their hacking is logged◊ Guards show up◊ They get misleading or false information◊ Turns out the system was a honeypot to trap the PCs
Have the players define what they are going to get from the system.
Don’t accept open ended or general, “I hack the computer, to see what I can find” instruction.
Let them define what they are going to get, then put a DC on the effort (how hard you think it would be to hack and get that info).
Doing it this way gives the players a chance to “tell” the game master what they want from the game story. It makes failure fun instead of a dead end.
Use Skill Challenges With ChoicesxJosh Barker
I use skill challenges to liven things up. I became aware of skill challenges through the Star Wars Saga Edition RPG
(Galaxy of Intrigue source-book). I found them great for making certain checks more engaging.
For example, a PC was attempting to hack a com-puter to disable a hanger’s security systems.
I used a skill challenge here rather than just an op-posed computer check.
I gave the PC different options for hacking that would use different skills.
Did they want to use ‘disguise’ in an attempt to convince the
12
computer they were another user, or would they go for ‘stealth’ to flat out conceal their interference?
Each choice would have different consequences and could result in different outcomes.
To make it trickier I would often add conditions, such as one action being quicker but the other being safer. This gives the PC more choice and more opportunities to role play.
The good thing I found about skill challenges is they can apply to any situation you want to make a bit more complex. I have used them for hacking, spaceship combat, chase scenes, diplo-macy and repair checks to name but a few.
My players loved the additional dimension it allowed, plus it meant that they built more balanced players.
I used the rules from the Saga Edition Star Wars D20 RPG and they worked really well. I understand the rules are also present in D&D 4ed, but I haven’t tried those.
Try Cyberpunk 2020Andreas
Not a cure-it-all-message, just a tip: There’s Cyberpunk 2020, where computer hackers are their own character class.
Accordingly, hacks are covered pretty well by the rules. That’s the best source for hints and inspirations I can think of when it comes to computer systems in games.
Use A Mastermind Word PuzzleLee Barklam
Hi Johnn,In the game Fallout 3, to hack a computer you have to solve a
simple word puzzle. The better your hacking skill, the easier the puzzle.
The puzzle itself centres around a list of words, only one of which is the correct password. Every word in the list is the same number of characters. The higher the character’s hacking skill, the fewer words in the list and the fewer characters in each word.
By typing in a word, the computer either unlocks (it is the cor-rect password) or it reveals how many characters in the word were in the correct position.
Regardless of hacking skill, you have 4 attempts to guess the correct password. Make 4 wrong guesses and the computer locks, ensuring all subsequent attempts fail.
For example (an easy example that won’t take 4 guesses, even if you’re bad at this game!) you might have the following 8 words in the list:
EMPIREEARTHYBRAISEEARNEDBELLOWFELLOWENDINGETCHED
13
Typing in FELLOW reveals that none of the characters are correct, eliminating BELLOW as a possibility (having 5 out of the 6 characters of the word in the same position).
Trying EARTHY reveals also that none of the characters are correct, eliminating EMPIRE, EARNED, ENDING and ETCHED.
Leaving BRAISE as the only possible answer.Had the PCs started with EMPIRE, they would have been told
that 2 characters were in the correct position (the ‘I’ and the second ‘E’), which could have identified BRAISE or ENDING.
You get the idea. And, if not, buy Fallout 3, ‘cos it’s a great game for lots of other reasons, too. :-)
Make the puzzle more difficult by:◊ Throwing in some alien languages or character sets◊ Adding more overlaps in the words (some words share
similar character combinations, like double letters, ending in ‘ING’, etc.)
◊ Increasing the word length and number of wordsThe players may still be left with a random choice after their
third guess, but better that illusion of choice than a simple random roll of the dice.
It’s much more engaging for the players to feel like they have control over the outcome, even if it is entirely random (and maybe they realise that if they’d tried different passwords on their earlier attempts, they would have had an easier choice at their fourth!).
The onus is on the players to be clever and maybe even do a bit of roleplaying to help them out. Could the players learn that BRAISE was actually the name of the captain’s favourite childhood pet and more likely to be the password than the other choices?
There are some great online crossword dictionaries on the Internet you can use to generate lists of words for this puzzle - including long lists of long words if their hacking skills aren’t up to much!
Some GM AdviceRob Donovan
Hi Johnn, here’s some advice for the reader who asked about hacking.
As someone who used to play a lot of Shadowrun, I can pro-vide you with some tips about what might work and what might not in your campaign. Shadowrun had a whole different set of rules for hacking, which meant frequent trips to the rulebook and table-wide boredom as everybody else waited for the hacker to finish his mini-game. Not good!
Unless everyone at the table is involved with the hacking, you’ll want to make it short and sweet, but satisfying.
You might try something like 4th edition D&D’s “skill chal-lenge” system in which a player (or players) must reach a cer-tain number of successes before they hit a certain number of failures.
This could lead to some risk-taking as players realize they’re only one failure away from tripping the alarms and either try to get lucky or find another access point.
Simple, easy to implement, and fast-moving. And it allows for PCs to succeed at their task AND trip the alarms (always the most interesting outcome).
Another way might be to use the traditional combat rules and create a “computer system” enemy whose level is appropriate to the challenge desired. You’d probably also want to create an “avatar” based on hacking skill for each PC.
14
Both phantom characters can be as simple as you like, such as having attacks/defenses equal to their hacking skill. You could even create a setup where a PC has to conquer mul-tiple phantom-enemies in a row, to simulate going deeper and deeper into the system.
This proposal will take some time upfront to make new mini-character sheets, but once they’re drawn up the hacking should go quickly because the combat rules are things that everyone should be familiar with.
A final suggestion is to layer sci-fi hacking tropes on top of whatever rule system you use. Give each player tokens based on their hacking skill, and allow them to use tokens to represent things like a trojan, a worm, shutting down a single alarm, get-ting door codes, etc.
Create a handful of evocative things – or let your players describe their actions – and create some simple mechanics for them (e.g. automatic success, re-roll a failure, add +3 to a roll).
Even the simplest system can feel exciting when you describe yourself re-routing the enemy trace, introducing a nasty virus to cripple defenses, or shattering the last line of countermeasures with a brute-force attack.
Happy hacking!
A Few IdeasRia Hawk
Assuming the game system has rules in place for making hacking rolls, if the GM wanted to raise the stakes or lend more weight to the actual skill, they could always add an element of pressure.
Perhaps the main power failed, and now they’re on a time limit before the backup power goes out and wipes all the data. Or
something else is going on in the base that means they have to get out fast, data or no.
Perhaps there’s some sort of booby trap in place so that if an attempt at hacking is detected, sensitive data is destroyed.
The data could be strongly encoded, meaning that just getting it out of the system doesn’t help you. You have to decode it too. Alternatively, perhaps the data has been falsified. There might be a real copy somewhere else, deeper in the system. They would have to have some knowledge of what they were after to catch the deception.
Perhaps there’s a net admin or some sort of security program actively opposing them, turning it into something more akin to chess: not only do you have to defeat the system, but you have to outwit security.
If you want to change the mechanics themselves and add complexity, you could give the players puzzles to represent the security protocols they have to override. That would take the element of randomness out of the equation and make it more about skill.
A word puzzle might be used to find relevant passcodes: hangman has a built in limit, in that after so many tries, you fail (and the system locks you out). Anagrams or wordfinds could represent scrambled data. Sudoku might be a representation of cracking the encoding or rebuilding missing data.
You could probably get a good many puzzles out of one of those grocery store activity books, and many could be adapted to compare to hacking, and I’m sure there’s quite a few available free online.
The downside is you’d have to plan out what puzzles you’ll be using in advance, and your players will have to have some sort of skill at them.
15
If you want more roleplaying to the challenge, and you have time to do it, you could always run a mini-encounter in the computer system itself, where the various programs are actual NPCs (like in TRON), and have to be bypassed through role-playing and skill checks other than hacking. That option would probably be the most involved, but it could also be the most memorable.
Another Sleek SystemBryan Ray
I have been troubled by the same problem recently: How do I make hacking a computer an exciting part of the game?
Well, the most exciting part of most game sessions are the combats, so why not set up the hack like that? This idea was inspired by a recent suggestion of running gambling like combat, with the players’ money substituted for HP.
Here’s the system I’m in the process of developing:Substitute the hacker’s or computer’s skill for combat skill and
the hacker’s computer and programs for weapons. You’ll also need some kind of resource for HP.
Since I am running Classic Traveller, I allow the hacker to take damage to their Education and Intelligence attributes (in normal combat, they take damage to their physical attributes of Strength, Dex and Endurance). Other systems will require other ways of generating an HP equivalence.
You’ll probably want to adjust the time scale somewhat so each round is a reasonable amount of time for the hacker to perform an action. A minute or so is what I am using.
Once that’s settled, you need to come up with descriptions that suit a hack. You’ll need several different effects for a hit against the system, some for hits against the hacker, and a couple of
descriptions for misses (they’re likely to be uneventful, like “Your firewall blocks another attempt by the system’s ICE to access your deck,” so you don’t really need to go overboard there). Probably you’ll want some degree of indication that the PC or the system is low on HP.
I like giving the PC increasing degrees of access to the system:
◊ After knocking out the first 25% of the system’s HP, they get access to the building’s physical systems, including security cameras and fire suppression.
◊ The second 50% gives access to incoming and outgoing activity, so they can trace what the enemy is up to and pos-sibly get some bank information (account numbers only, no passwords at this point).
◊ After 75% they can start downloading protected data (though it may still be encrypted).
◊ At 100% the computer is completely compromised and can be infected with a virus, all files are decrypted, and the PC can attempt to begin hacks on other connected systems.
On the flip side:◊ When the PC is down by 25%, the system has identified
their access point.◊ At 50% it has their physical location.◊ At 75% it’s broken their firewall and is downloading their
own files.◊ At 100%, the PC’s deck becomes a system-controlled
node, and all of its resources can be used to attack the PC. Connecting it to any other computer system will launch vi-ruses, any GPS and wireless devices will constantly broad-
16
cast the PC’s location to the enemy system, and all data the deck has access to is known by the enemy (kiss your savings account goodbye!)
Depending on if there is intelligence behind the counter-hack (human or AI), the infected deck may even attempt to wirelessly hack into other portable electronics the PC is carrying, such as their cell phone.
The Nuances Of Computer Use In A Simulated World
Mike Bourke
In Roleplaying Tips #536, Johnn ran a tips request asking for tips on how to GM computer hacking. I decided that simply of-fering a few tips wasn’t quite going to cut it, and that the subject deserved a slightly more in-depth treatment.
Computers In RPGs: The Problems
Before solutions can be found to problems, it’s usually a re-quirement that the problems themselves be considered. Often, they aren’t even identified when you start, let alone articulated and analyzed. So that’s where I’m going to start.
The Legacies Of Obsolete Iron
The first problem is game systems often need to accommo-date a whole range of computer systems with extremely varied hardware capabilities.
Many of the key concepts stem from early mainframes, which could only run a few programs at a time.
Compare the stats of a state-of-the-art mainframe from the early 1960s with the microprocessor in a new car from the year 2000, and you will find that the car has the better computer – it’s
certainly better than the mainframe used for the Apollo missions, for ex-ample. (There are good reasons for that, related to proven reliability, but nevertheless….)
Similarly, compare a modern desktop computer with the stats of the Cray Supercomputer, famed as the Ultimate Computer in many TV shows and movies.
Astonishingly, the modern desktop wins out over the liquid-nitrogen-cooled billion-dollar
machine in most if not all respects. Processor speed, calcula-tion rate, memory, storage capacity, storage retrieval rate, ef-ficiency…just think about that for a minute.
Physical reality means this exponential growth curve in ca-pacity, known (in terms of transistor count) as Moore’s Law, can’t continue. In fact it seems to have levelled off in recent years – refer to this (slightly technical) article, for example, or this (somewhat less technical) blog post for the more generalist reader. Both are now a little dated, but the general principle remains.
Much of the mass media’s concept of what computers can and can’t do derives from the fancies of people back when Main-frames, also known as Big Iron, were the ultimate in computer power.
17
When I set out to create the computer rules for my superhero roleplaying game, I soon struck a fundamental problem in trying to not only modernize those conceptual standards, but to also accommodate the past and project into the future.
The results were a bewildering rules draft of more than 60 pages length. There were three attempts at a conceptual rules framework prior to that monstrosity, and two attempts at more abstract approaches afterwards, before my co-writer and I finally struck a computer rules system that seemed balanced in terms of game performance, abstraction and realism. That process took 8 years to complete.
Since I doubt most game designers care to spend eight years and six attempts in the creation of a relatively minor subsystem within the rules, it follows that most game systems have com-puter rules that are going to be inadequate at some point in time, and that aren’t going to be as playable as they could be. Unless someone’s had a stroke of genius, of course, that let them short-cut the development process.
There are always going to be:◊ Unreasonable limits on what a computer can do◊ Unreasonable translations of real-world computer system
capabilities into game-scale performance◊ A juggling act between simulation and abstraction that will
always fall short of the optimum◊ Frustration with the computer rules as a resultWhile it cannot solve such problems, whatever solutions to
the problems of roleplaying the interaction between a PC and a computer are offered should at least ameliorate this situation.
The Power Of Tomorrow-Tech
If the concepts of the past lead to modern problems of ab-straction in game systems, trying to forecast the capacities of the computers of tomorrow is even more problematic – because it’s exactly the same problem, but compounded with the hand-icap of trying to foretell the future.
The scale of the problem can be demonstrated by considering virtually any movie or TV show in which computers play a signifi-cant role – from Babylon 5 to Star Trek to Hackers to Sneakers to The Net to The Matrix to, well, you name it.
Actual events and computer capabilities outstrip the specula-tions within those shows almost immediately. It can easily be shown that to connect with a lowest-common-denominator audi-ence, such outstripping is inevitable.
Who, as late as the 1990s, could have forecast the iPod, iPad, Smartphone, GPS Navigation or Kindle? (Hackers is notable for getting about half of the technical dialogue and computer con-cepts right – putting it way ahead of the field!)
Again, this problem will not be completely solved by whatever solution we adopt, but a good solution should at least mask the difficulties.
Computer Time vs. Game Time vs. Real Time
Computers don’t operate on the same time scale as people do.
Pre-programming, and the ability to launch massive undertak-ings with a single mouse-click (or equivalent), means a com-puter can do 10,000 things in the time it takes a person to do one.
For example, trying to guess a password. A modern desktop computer can easily try 1,000+ password guesses in a second,
18
proceeding in a systematic attempt to break security by brute force. The weaker the password or other security, the more quickly success will be achieved in this manner.
There’s an inevitable compromise between security and ac-cessibility when it comes to such things. The strongest pass-word is a long string of apparently unrelated characters and numbers.
But those are hard to remember and harder to type in accu-rately, and even harder to type in both accurately and quickly.
There are various ways around such problems – using a password manager to generate complex passwords for you, or using some system to derive that seemingly random string of characters.
I even once saw a program that had the rules and statistics of the English language built into it so that, given a pair of letters, it could generate a password of any desired length that consisted of the least-likely characters to follow the preceding one, with a random choice when multiple options were possible.
This discrepancy poses serious problems for the GM when it comes to PC-computer interactions, because it means the number of actions that can be launched and completed by an individual in the cyber-world is vastly disproportionate to the number of actions that can be carried out by other PCs in the real world.
There are three serious problems that arise. The first is that either the GM compromises the effectiveness of computer tech-nology, reducing the effectiveness of the computer to “human” standards, or he gives the computer hacker a vastly dispropor-tionate share of screen time.
This problem is exacerbated by game systems that operate on a binary “success/fail” structure when assessing skill use.
One Stands Alone
The second problem is all this screen time is necessarily conducted outside of the group environment. It is solo in nature and not collaborative. The other characters can’t interact with the hacker while he’s in “hack mode” and he can’t interact with them.
For example, think about how much information on a target a good hacker could accrue while the other PCs are engaged in a 45-minute drive across town to the target. Even without doing anything illegal, just using standard tools like Wikipedia and Google, how much information can you get in that period of time on any given subject?
Would 90 relevant websites – two per minute – be unreason-able? Most would come up early, later it would be harder to find something that wasn’t a redundant regurgitation of information already retrieved.
It actually takes longer to assimilate the information retrieved than it does to retrieve that information in the first place. The core of the subject will probably be retrieved in the first 30 sec-onds, and you’ll spend more time excluding unwanted data than reading relevant information.
You couldn’t wrap your head around a vast subject – for ex-ample Microsoft Controversies – in such a short span.
But on any specific subject – say, the 2007 Cricket World Cup? You may not gain enough information to be an expert, but you can certainly expect to be an authority on an amateur scale in such a period of time – unless the subject itself is so broad as to be useless in any realistic context.
(A Google search for 2007 Cricket World Cup brings up 26,300,000 references; being more specific with a search for 2007 +”cricket world cup” refines the results to the most relevant
19
9,350,000 results. You might not understand all the nuances without also reading up on the rules of cricket – fortunately, there are another 8,480,000 web sites out there to help with that. There are even 71,900 web sites that deal with the overlap between the two subjects. It took me more time to type in the questions than it did to retrieve the results.)
How about something specific: the thermodynamics of frozen mercury? Well, obvious search terms are “solid mercury”, “su-percooled metal”, “supercooled mercury”, and “frozen mercury”.
Perhaps refining all of the above with the additional term “thermodynamics”.
Those searches yield, respectively:◊ Solid Mercury – 107 million results, down to 1,120,000
with “thermodynamics” as an additional term◊ Supercooled Metal – 900 thousand results, down to
93,300 with “thermodynamics” as an additional term◊ Supercooled Mercury – 427,000 results, increasing to
680,000 with the additional term “thermodynamics” includ-ed(!)
◊ Frozen Mercury – 17,500,000 results, reduced to 746,000 with the additional search term
The searches took perhaps 30 seconds, and already I know more on the subject than I did. Notably, that frozen mercury can be sculpted using liquid nitrogen. There’s even YouTube video of it being done!
And that’s only using the net for information retrieval. A system properly set up with various operations scripted in advance can permit a more substantial interaction with any computer con-nected to the internet almost as quickly as you can click on it.
Changing someone’s identity? Crack the site, locate the data-base, search it for the record you want, overwrite it.
The more automated that process, the faster the whole thing happens. It would take some fancy programming to get it to the “point-and-one-click” standard of ease, but it’s (unfortunately) not that far removed from it now.
The Impersonal Face Of I.T.
The final problem that comes from the differential in speeds is that “interacting” with computer systems is an impersonal activity – a series of die rolls. There’s no real interaction, no real capacity for role-playing, in that approach. Player rolls a dice, GM interprets the results – that’s it. Not very satisfying.
This is a consequence of the first two problems and hence only indirectly related to the “computer time” issue, but this is at the heart of the problem.
The Request For HelpThe request for help didn’t elaborate on the problem with com-
puter interaction that was being anticipated, and doesn’t specify game system – just a vague hope that there’s something more than the “roll a die” approach.
Well, don’t despair, because there is a solution!
Computers In RPGs: A Solution
Having laid out the problems the GM faces in trying to referee the man-machine interface, it’s time to consider solutions. Pref-erably, one solution that solves or at least minimizes all of the specific problems identified.
Simulation, Thy Aim Is Virtual
In the late 1980s and beyond, it became fashionable to create a virtual world for characters to inhabit while interacting with computers in any deep, meaningful, way.
20
This concept quickly migrated into RPGs – notably Cybertech’s Cy-berspace and TORG’s Godnet. The reason is simple: it holds the seeds to cure virtually all the ills described previously.
The reason for the effectiveness of a VR world as a solution to these problems is that it reflects a translation of machine-scale (espe-cially in terms of time) into a character-scale interaction.
By using metaphor and symbolism to rep-
resent the various barriers and problems the character hacking the machine encounters, and the tools that can be employed to assist in the solution of those problems, VR-simulation recasts computer events into roleplaying events.
With voice-recognition style input mechanisms and text-to-voice systems – both of which have been around for a decade or so in primitive form, but which have not yet achieved seam-less functioning – the entire experience of hacking a computer can be re-envisaged in this fashion, and the conversation be-tween computer systems becomes a roleplaying event between the character and his target.
The Dreamtime
For my superhero game, I wanted to come up with a new metaphor for the internet, as perceived in this fashion.
What I eventually settled on was a term derived from the Abo-riginal Natives of my Australian homeland, “The Dreamtime”.
The principles of The Dreamtime are simple:◊ Everything happens as a character-level interaction and on
a human time-scale◊ There is ONE die roll per action that is shaped and inter-
preted to describe the entire encounter◊ Each system has its own metaphor, its own virtual world if
you will, so each time you penetrate a new computer you enter a strange new environment that can be anything I can imagine.
Aggregation Is Your Ally
Making this approach work requires two adjustments to your thinking; the first is aggregation and the second is variable time.
Aggregation is the principle of loading multiple subtasks into a single overall task and using a single die roll to ascertain the character’s success or failure at that overall task.
For example, let’s talk about the act of filching a set of blue-prints from a villain’s computer. The subtasks are:
◊ Breaking through the outer security layer that protects the computer systems from outside infiltration
◊ Evading the anti-tampering measures that continually search for unauthorized changes
◊ Searching the system for the blueprints◊ Gaining access to the blueprints
21
◊ Packaging the blueprints for transport out of the host com-puter
◊ Escaping the system without detectionYou could have the character make six or more die rolls for
these six or more tasks, but a far better approach is to consider them all one big task – getting the plans out of the target com-puter, creating a virtual world to represent the target computer system and roleplaying the encounter as a metaphor for the larger task.
A key aspect to aggregation is that there are degrees of suc-cess and degrees of failure. The die roll determines where on this spectrum of possible outcomes events will fall, based on the character’s abilities and the difficulty of the overall task.
◊ I describe a castle, middle-ages European in style, with moat, portcullis and drawbridge. This gives the basic motif of the virtual world the virtual character is going to enter
◊ The character doing the hacking makes his one and only skill check of the entire process, which indicates to me (as GM), but NOT to him, that a partial success will occur.
◊ The player describes how the character overcomes the problems already thrown his way: the character swims the moat, fires a jet-propelled climbing hook so it fixes to the battlements, climbs the rope attached to the climbing hook, then draws the rope up behind him. Since he doesn’t know what he will find on the battlements, he can’t go further without input from me.
◊ I assess the difficulty of each sub-step relative to the dif-ficulty of the overall task. If that difficulty indicates that the character would have failed the test, I can either apply a sufficient bonus that he succeeds (giving me a penalty that I can put in my pocket for later) or simply have the action fail, requiring the player to come up with an alternative ap-
proach.◊ I decide the moat is easily crossed, climbing the rope is
not too difficult, and that the character succeeds in both. I indicate this success by describing the actions and then move on to describing the battlements. In effect, the char-acter is using a back door to evade the initial security. If the back door approach is not going to work, the character will find nothing but solid stone on the battlements. If it works, there will be a locked door or perhaps a palm-print scanner or whatever to be overcome before the backdoor is actually opened.
◊ …and so on. There might be ghosts representing the in-ternal security and suits of living armor blocking doors and puzzles and riddles, and who knows what else to be over-come before the player achieves his reward.
The key is that I decide, based on the die roll, how suc-cessful the player is going to be, and where he will fall short of his overall objective.
If the character rolls well enough, everything he tries will work (somehow), no matter how unlikely it is.
If he rolls badly enough, everything he attempts will end in disaster.
If he rolls somewhere in between – which is the most likely – perhaps he will get the blueprints, but be unable to carry them out. Or he will find where in the castle they are, but fail to get through the lock. Maybe he sets off security, or even gets away with the blueprints but only by leaving clear evidence he did so.
The success or failure of the character both shapes, and is shaped by, the overall plotline.
22
Time Doesn’t Fly When You’re Having Fun
The second key concept that a VR solution entails is that of Variable Time. Most RPGs take the position that each round a character gets to make a new die roll.
This approach, by aggregating all those die rolls into one, also aggregates the time frames involved. It doesn’t take a lot of thought to realize this means that just as there can be degrees of success involved, so the time taken to succeed in a subtask is also under the GM’s control.
The amount of time it takes to achieve any given task is under GM control – all a successful die roll means is the character will succeed – eventually.
That means the GM can configure the apparent difficulty to a level appropriate to the target – low for a fairly open public system, incredibly high for the arch-villain’s main computer – without compromising that impression with an easy success by the hacking player.
Even better, it means the GM can run the hacking in temporal lockstep with the activities of non-VR characters, eliminating the problem of differing temporal rates altogether.
Interacting With The Intractable
Why stop there? Combat can occur between virtual charac-ters, representing some sort of active opposition to whatever the character is trying to achieve, as compared to a passive obstacle like a moat, a door, or a lock.
Damage inflicted would be to the systems and hardware the character is using to “go online” and would affect his virtual self as though he had actually sustained the damage.
A portion of the damage might even feed back as physical harm to the character as though he were in real combat.
The Ghosts In The Machine
The VR approach has proven itself in past uses in my cam-paigns, but of late I have taken it even further.
I realized the nature of a computer system will reflect the per-sonality and abilities of its creator and its programmer. Rather than a simple score to be overcome, the difficulty assigned should be a summation of all those who contributed to the sys-tem’s creation.
Since they can keep trying until they get it right, they are rep-resented at their very best. That means the last line of defense should be a simulacrum of the system’s creator (the arch-vil-lain, in the case of the example enquiry) – a creator who always rolls a natural 20 for anything prepared in advance.
That character’s normal skill levels will be applied to such tasks as disguising data, blocking hacking attempts, etc. The target will reflect the creator, or put another way, the creator’s ghost will inhabit the machine he has created.
Even if the basic hardware is off-the-shelf, each user will modify the system to better suit his own needs and uses.
My computer set-up would not be the same as Johnn’s, even if we had identical computers. I would have options configured dif-ferently, I would have software installed he does not have (and vice-versa) and so on.
In the virtual world, that would make my computer a some-what-inadequate reflection of me, and his computer a reflection of him.
Scorecheck
The VR approach, with Aggregation and Variable Time ele-ments, solves or ameliorates hacking in RPG. It offers additional avenues for roleplay and characterization, and permits the GM
23
to flex his creative muscles to the maximum.It’s not a perfect solution, as there can be some additional
prep involved, but as solutions to problems go, it’s not half bad.
Would You Like More GM Tips?Wow, some great ideas and advice in this ebook! Thanks
again to all the Roleplaying Tips readers who contributed.If you are interested in receiving the Roleplaying Tips news-
letter for game masters, you can get a free subscription by emailing [email protected]
Look for a confirmation in your inbox - click the link in that email to complete your free subscription.
I have a strict privacy policy and never sell, rent or give away email addresses. I treat your privacy like my own.
24
Faster CombatEnd the grind. The world’s first online course for game masters teaches you how to cut combat time in half while adding twice the story and excitement.52 lessons show you step-by-step exactly how to master GMing awesome combats.
GM Resources
Assassin’s Amulet - Life is a Dangerous BusinessHow to run the best assassin encounters in your life. Plus add such depth to your campaign players will give you a Standing Ovation. 300 pages include maps, floorplans, props, locations, GM Advice, new NPCs and new magic items including Legacy Items!
GM Mastery: NPC EssentialsThe DEFINITIVE sourcebook on how to design amazing NPCs. Winner of the Gold ENnie, this book helps you design realistic and unforgettable char-acters. Charts, tables and step-by-step instructions guide you to unforgettable GMing. Rated 5/5 stars!
“This product is far and away one of the best purchases I have made on RPGNOW.”- Christopher Sargent
MyInfo SoftwareHow To Be On Top Of Your Game Without Breaking A Sweat. Track your entire world, your whole campaign, and every adventure.
“I’ve tried other methods and other software, but MyInfo helps me run my games best.”- Johnn Four
“If you’re even considering adding assassins to your game, or want to play them as something different than just cold killers for profit, I highly recommend the book.”- Brady Boothe
“I’m really enjoying the Faster Combat course. It’s really helping, because it *does* have a ground up approach.”- Ria Hawk
