Professional Documents
Culture Documents
GURPS 4e - Realistic Hacking Rules
GURPS 4e - Realistic Hacking Rules
This supplement intends to add realistic rules for various computer-based activities in GURPS.
Quarter-TL Table
Quarter-TLs after qTL9 may start at any time period after 2030.
Existing Perks
‡ This perk requires specialisation.
Cutting-Edge Training‡
You have cutting-edge training, allowing you to learn skills ahead of your tech level, or for qTL-based skills, ahead of your
quarter-TL. You must specialise by skill. Having five skills with this perk in the next basic TL (for quarter-TL-based skills, round
decimals down for basic TL) allows you to exchange the 5 perks for one level of High TL; qTL-based skills with this perk in the
current basic TL do not count. This perk can only justify qTL-based skills up to four quarter-TLs above your own; take High
TL if you want to have qTL-based skills more than four quarter-TLs ahead. If you want to have a technique ahead of your tech
level or quarter-TL, take as many instances of this perk as necessary to upgrade all your skill prerequisites; do not take this perk
for the technique itself. (See PU2:16 for more on the “vanilla” version of this perk.)
New Perks
‡ This perk requires specialisation.
Speedrunner
You regularly speedrun video games, i.e., you play them as fast as possible. You get a +1 to reactions from other speedrunners
and a +2 to all IQ and IQ-based skill rolls related to video gaming. Similar perks are possible for pinball and tabletop games.
Computer Geek
Computer operation comes naturally to you. This perk offsets -1 in familiarity penalties for software and hardware, but not
penalties from (Interface Type) Illiteracy. Incompatible with Technologically Illiterate.
New Quirks
† This quirk is levelled. ‡ This quirk requires specialisation.
Out Of Date†
Your personal quarter-TL is below that of the campaign world, but it’s not enough to put you in a lower basic TL. Each level of
this quirk represents a quarter-TL below the campaign’s level. Theoretically, you can have at most three levels of this quirk – e.g.,
you’re a qTL8 character in a qTL8.75 campaign.
Technologically Illiterate
You don’t “get” computers and other electronics. You have a -2 penalty to Electronics Operation and Computer Operation,
and cannot learn Computer Programming, Electronics Repair or Engineer (Electronics) at all unless you get rid of this
quirk. People who didn’t grow up around computers and electronics often have this quirk. Incompatible with Computer Geek.
Existing Skills
Any IQ-based skills with qTL mentioned below now have quarter-TLs. The GM should specify the quarter-TL of his game. You
get the normal full TL penalty only if the TL being your skill and what you’re trying to do is four quarter-TLs apart or more;
otherwise take half the penalty, rounded down; there is no TL penalty for tasks below your skills’ quarter-TL in the same basic
TL. Quarter-TL skills with regular-TL prerequisites need the regular-TL prerequisite to be in the same basic TL; e.g., a qTL7.5
skill requires its basic-TL prerequisite to be TL7.
Staying Up to Date
It takes 2000 hours to adapt your qTL-based skills and
techniques to a sudden change in quarter-TL in the same
basic TL (e.g., qTL8 to qTL8.75). If the basic TL also
suddenly changes, as from qTL8.75 to qTL9, it still takes
the usual 2000 hours for your qTL-based skills. Normal,
slow, sequential basic-TL and quarter-TL transitions do not
require any extra time to adapt, as usual.
New Specialties EM Analysis: The operation of EM analysis equipment. Other specialties default at -4 to this one and
vice versa.
New Optional Specialty Cybersurgery (qTL): The surgical installation of bionic limbs, neural jacks and other cybernetics,
as well as the insertion of implants. First appears in qTL8. Unlike other specialties of Surgery, this one is qTL-based due to
the rapid changes in cybernetics. Has the usual defaults to other specialties and non-specialised Surgery. When using this
specialty’s default from non-specialised Surgery or another specialty, the default is at the character’s quarter-TL.
New Specialty EM Analysis: The repair of EM analysis equipment. Other specialties default at -4 to this one and vice
versa.
Familiarities Computer Security takes the same types of familiarities as Computer Programming. Do not stack penalties
for lacking the same familiarity in both Computer Security and Computer Programming (this can happen with techniques
that have both as prerequisites); instead, take a single -2 penalty for the missing familiarity.
Other Familiarities Computer Programming has the same familiarities (and penalties for the lack thereof) for OSes,
software and hardware as Computer Operation, but does not share individual familiarities with that skill; i.e., familiarity with
an OS for Computer Operation does not entail familiarity with that OS for Computer Programming. These penalties do
not stack with the equivalent penalties for an unknown target OS, non-OS program or hardware. (If a technique specifically
mentions that familiarity or knowledge penalties are to be applied and this rule also applies, do not redundantly stack penalties
for the same unfamiliarity or missing knowledge.)
AI Programming Familiarities A familiarity with a given type of AI protocol, format, etc., gives you some knowledge of
exploits within that protocol, format, etc. As stated above, you may roll against Computer Programming (AI) to know of
exploits within a familiarity you have.
New Skills
Note: Some skills use a new combination attribute, Dexterity-Intelligence (DI). This is (DX + IQ) ÷ 2, rounded down.
Computer Hacking
Familiarity penalties for hardware, software and administrative protocols apply cumulatively to any attacks where they’d be
relevant. Do not apply ease-of-use bonuses for the targeted software; you’re hacking it, so ease of use doesn’t matter. Regarding
your own software, use the higher of the software’s skill level or your own. As per B346, you may take bonuses for taking extra
time or penalties for being hasty. The usual penalties and required Stealth rolls for being stealthy apply. Some level of Expert
Skill (Computer Security) (hereafter referred to as Computer Security) is required for all attacks. Substitute non-AI
Computer Programming for Computer Programming (AI) and Computer Security for Expert Skill (AI Security)
if the target is a sentient AI.
Time taken: Most hacking techniques involve very little time actually hacking the target computer. Unless otherwise specified,
assume the hacker only needs to access the target computer for 5 minutes.
Hacking Techniques
These are techniques used for computer hacking. Feel free to add your own for the setting. Some of these techniques are
TL-specialised. These techniques can get bonuses for extra time and routine use. All techniques with qTL must take a quarter-TL
and now take quarter-TL penalties as mentioned above in Existing Skills.
Probabilistic Attack/qTL (VH) Defaults: Computer Security/qTL-4, Professional Skill (Security)/TL-4, Mathematics
(Applied)/TL-4 or Research/TL-4.
Prerequisites: Mathematics/TL4+, Research/TL4+ and either Computer Security/qTL6.75+ or Professional Skill (Secu-
rity)/TL4+; cannot exceed the highest prerequisite.
This technique involves determining which accounts, passwords, safe combinations and the like are likely to see use. Roll a QC of
this technique versus the target’s highest of IQ, Computer Security and Professional Skill (Security) to attempt just that.
You need to win to get any credentials; if you win, critical success by you or critical failure by the target means you managed to
get the password or combination particularly valuable. Having a plain-text file (or physical document) that may (or may not)
contain passwords (as from decryption techniques, Intelligence Analysis or EM Analysis, below) adds a bonus or penalty to
your side of the QC. Each attempt takes 5 minutes. Note that two or three failed attempts to unlock a system may lock down the
targeted system.
What Am I Using?
A computer user working with unknown software may roll
Computer Operation at +2 or Computer
Programming (or any of its specialties) at +4 to know
which software they’re using or working with, with penalties
for rarity and bonuses for very common or widely used
software; add -3 for non-OS firmware. No roll is needed for
this if the software is widely used, isn’t non-OS firmware,
and you have Computer Operation at better than default
for the software’s quarter-TL. Familiarity penalties also
apply. Users automatically recognise software relevant to
their skills - no roll necessary - unless the software is very
obscure.
EM Analysis/qTL (H) Defaults: Computer Security/qTL-3, Electronics Operation (EM Sensors)/TL-3, Telecommunication
(Radio)-3 or Computer Programming/qTL-3.
Prerequisites: Computer Security/TL7+, Computer Programming/TL7+ and either Electronics Operation (EM Sensors)/TL7+
or any form of Telecommunication (Radio); may not exceed any prerequisite skill, but if Telecommunication is not skill-based, the
lack of Telecommunications skill does not count against this technique’s maximum level.
EM analysis techniques involve using an EM scanner or specialised radio receiver to pick up the EM radiation that all electronics
emit, especially CPUs, GPUs, keyboards and displays. An EM scanner or equivalent is required equipment for this technique.
For each device, the GM rolls two QCs of this technique against only the hardware modifiers in the device’s Hardness (excluding
hardware encryption; minimum of three). The hacker gets normal range penalties (on the SSRT) to each target device, as well as
jamming penalties. Modifiers: -2 for residential computers and devices, +2 for large commercial networks, +5 for server racks (a
lot of sensitive data goes through these; but they’re usually well-secured, offsetting this modifier). Takes any familiarity penalties
that its prerequisite Computer Programming would take.
The first roll determines whether any passwords or credentials were gathered and how valuable they are. If you win, the data you
gathered may then be used to provide a bonus of this technique’s margin of success for Probabilistic Attack (see above); add
another +3 if the target critically failed. However, even a critical failure by the target does not mean you get, say, high-ranking
government credentials on a residential computer (but it’s not impossible). On loss, apply the margin of failure as a penalty to
Probabilistic Attack if used for that; a critical success by the target adds a further -3. A tie means a net +0 modifier. You
won’t know how successful or unsuccessful you are until you actually use the data. Critical success by you has no extra effects.
The second roll determines how much useful data besides passwords and credentials was gathered. If you win, gathered data
contains useful or valuable information, the value depending on the margin of success. Critical failure by the target means you got
something particularly valuable, but even this does not normally mean you get corporate blueprints off a random residential PC
(but it’s not impossible). If you lose, it means the gathered data doesn’t contain anything useful, but keep the margin of failure.
Critical failure by you and critical success by the target have no extra effects. Critical success by you also has no extra effects.
Multiple attempts: Multiple concurrent attempts for this technique use the same rolls as for the first. Do not roll again. (If
someone else is attempting to run EM Analysis on the same targets as you, roll a QC of their skill against the results already
rolled for the target’s side.)
Extracting information: Extracting information from gathered data takes another hour and a GM-made Intelligence Analysis,
Electronics Repair, Engineer (Electronics) or Computer Programming roll, whichever is highest. Intelligence Anal-
ysis gets +2 for the information roll while the other three get +2 for the password roll. If successful, you’ll know the roll results
on both sides (and win/loss margin) for both EM Analysis rolls performed on the data, along with any useful data you picked up
from nearby devices; critical success adds 3 to both win/loss margins, which can turn a loss into a tie or win. Failure means you
don’t know anything; critical failure means the GM lies to you. Normally takes one hour.
Engineers only: People with experience in electronics can try to tune the EM receiver/scanner for the specific device in question.
If you know the target device well enough (i.e., no familiarity penalties), a successful GM-made Engineer (Electronics) or
Electronics Repair adds +1 to your side on both EM analysis QCs; critical success makes that +2. Failure gives -1 and critical
failure a -2.
Remote viewing: Make a third QC at -2 to your side to remotely view a device’s display. A win or tie means you get to remotely
see the display. Criticals have no special effects. You may keep viewing for as long as you wish (barring getting caught) as long as
the target device remains powered on.
Being detected: EM analysis does not generate any unusual EM transmissions, so this method is undetectable that way by others
without the technique; this obviously means the technique will never trip anti-malware programs. (You may still be seen or heard
using the technique though.) Detecting ongoing EM Analysis using EM Analysis takes a QC of your technique versus theirs
with a +5 to the defender. A win means you detect it, and a tie or loss means you don’t.
Network Trace/qTL (H) Defaults: Computer Operation/qTL-3, Electronics Operation (Communications)/qTL-3, or Com-
puter Security/qTL-3.
Prerequisites: Computer Security/qTL6.5+ and either Electronics Operation (Communications)/qTL6.5+ or Computer Opera-
tion/qTL6.5+; cannot exceed the lowest prerequisite plus 2.
A technique many sysadmins (and hackers) know, network tracing allows targets to be tracked down to their actual IP addresses
if successful. To trace a target, the GM will roll a QC of your technique versus the target’s encryption Hardness (0 if not using
encryption) plus, if successful, margin of success from their Computer Security, plus +1 for at least 10 zombie proxies in use
and an additional +1 for each extra order of magnitude in use (e.g., 1000 proxies give +3); regular proxies do not count since the
target’s IP is still exposed through them. If you tie or win, it means the target’s IP was traced; a critical failure by the target also
means their HWID or similar hardware identifier was traced. A loss by the target’s proxy penalty or less means you’ve traced a
proxy (and possibly triggered the target’s tracing software), reducing the target’s proxy penalty by (Proxy Penalty - Margin
of Loss), but loss by more than the proxy penalty means you’ve been led off track. Critical success by the target or critical
failure by you means you don’t know it’s failed, believing the IP address you traced to be the target’s (i.e., the GM lies to you).
You may make repeated attempts at no penalty. Critical success by you has no special effects. If you failed because of proxies,
you won’t know how many proxies you still have left to get through.
Being traced? If a target of a trace has tracing software on their proxies and those proxies have been traced, the GM roll a QC of
the software’s Network Trace versus the tracer’s Network Trace. Winning means the target knows he’s being traced, and if
the tracer critically fails too, his own IP address is traced! The target may try to trace the target back at +2 on his side of the
QC.
Anonymity
To cut down on risks, a good hacker is always on the move,
changing IP addresses and often also devices like soiled
diapers, so that by the time someone manages to find his IP
address or hardware, the hacker is almost always long gone.
Many smart hackers also have long chains of proxies
spanning several countries, as well as multiple automated
network tracers present on some of those proxies.
Tracing software: Automated tracing programs have the Network Trace level of their programmer.
Modifiers for the tracer: -2d+4 to impossible if logs were carefully scrubbed, -1d if logs were outright wiped or mutilated, no
modifier for intact logs, +1d if hardware/browser/program identifiers were logged and the target isn’t using proxies.
What do I do with an IP address? Roll Research to trace the IP down to the city level; if you have telecom Contacts or access
to telecom databases, you can get a precise address at a -2 penalty to your roll (or theirs for a Contact). Public IPs (like most
residential and commercial IPs) give up to a +3 bonus, but certain private IPs may give you up to a -3 penalty.
“Script Kiddies”
A “script kiddy” is someone attempting to use software,
usually hacks or access elevation exploits, without technical
skills. If you are using software that provides a skill or
technique you don’t have or wish to use the software’s skill
or technique level rather than yours, roll against your
Computer Operation plus any bonuses or penalties for
the software’s ease of use; if this roll succeeds, then resolve
the original roll using the software’s skill or technique level.
Routine use of skill-providing software does not require a
Computer Operation roll and gives the full +4 bonus for
routine use to the software’s skill or technique.
Hardness
Current-day (qTL8.75-9) examples are provided for reference. Base Hardness is twice the software or hardware’s Complexity.
Subtract 2 for each quarter-TL that has passed since the software or hardware’s last update; for hardware, subtract 1 if Old and
add 1 if Advanced. If Hardness comes to 2 or less, increase it back to 3, then add all applicable modifiers from below.
The modifiers below apply to all QCs:
• Updates: Pick the highest applicable: +2 for up-to-date software, +1 if the software or hardware’s last security update was
at least a week ago, +0 if at least a month ago, -1 if it hasn’t been updated for three months, -2 if it’s six months out of
date, -3 if it’s a year out of date. Add another -1 for every full year after the first since the last update, up to -5; e.g., a
system five years out of date gets a -4. Note: Yes, this is cumulative with modifiers for being one or more quarter-TLs out
of date - obsolete stuff is far easier to hack into since exploits for it are well known.
• Hardware security quality: If hardware, firmware or an OS is targeted, roll the hardware manufacturer’s Engineer
(Electronics) + 2 - (Complexity × 2) + Quality Modifier and add the margin of success or failure as a modifier,
or add their Engineer (Electronics) - 8 - (Complexity × 2) + Quality Modifier (keep zeroes and negatives). This
assumes some extra time was taken to fix bugs. See Software and Hardware Security Quality below for more.
• Software security quality: If software is targeted, roll the programmers’ Computer Programming + 2 - (Complexity
× 2) + Quality Modifier and add the margin of success or failure as a modifier, or add their Computer Programming
- 8 - (Complexity × 2) + Quality Modifier (keep zeroes and negatives). This assumes some extra time was taken to
fix bugs. See Software and Hardware Security Quality below for more.
The modifiers below apply to QCs against Research:
• Software obscurity: -1 to -5 for widely used software (e.g., Windows, server Linux), no modifier for specialised or less widely
used software (e.g., macOS, desktop Linux, CAD/CAM programs), +1 to +5 for very obscure software. Add another +1 to
+5 for lesser-known variants of widely used software. Don’t apply this modifier if software or firmware isn’t the target (as
with EM Analysis).
• Hardware obscurity: Add +1 to +5 for rare CPU architectures or hardware or +6 to +10 for really obscure architectures or
hardware. Use the full modifier if firmware or hardware is the target; halve this modifier, rounding down, if an OS is the
target; do not apply this modifier at all if other software is the target.
The modifiers below apply to QCs against anything other than Research:
• Firewalls: Pick the highest applicable: +1 for a basic OS firewall, +2 for a decent firewall, +3 to +5 for custom firewall
setups, +5 to +10 for cutting-edge high-security firewalls. Notes: Do not apply modifiers if the firewall has been disabled or
bypassed; disabling or bypassing a firewall requires Access 4. Do not apply firewall modifiers if the hacker has physical
access to the system.
• Access: Add (Software Access - User’s Access) × 2; minimum is 0. This modifier is reduced by gaining increased
Access to a target system and can be reduced by exploiting lower-Access software instead of the OS directly. Most software
has Access 2 or 3, daemons have Access 3 to 5, OSes have Access 5 and firmware has Access 6; see Access below for more
information. Don’t apply this modifier if EM Analysis is being done.
• Repeated attempts: If a secure or very secure access control program is present (see Access control programs below), add +1
for every previous or concurrent attempt to use an access elevation exploit or code injection after the first. This “attempt
counter” usually takes several weeks or even months (or removal or resetting of the software) to reset. Don’t apply this
modifier if EM Analysis is being done, you’ve overridden the access control program, or you’re at Access 5 or more.
• ROM file protection: +10 if the software is firmware, i.e., loaded from a BIOS ROM. Notes: Do not apply this modifier to
reading the ROM if the BIOS allows it. You may be able to modify the ROM using a firmware flasher at Access 5.
• Obfuscation: Add the obfuscation bonus from the obfuscator used on the software. For commercial software or video
games, you can use the developer’s Computer Programming - 8 instead; if lacking Low-Level familiarity, subtract 2;
the modifier has a minimum of 0. This makes the realistic assumption that the obfuscator’s Cryptology is usually on par
with or better than programming skill. Don’t add this modifier if the target was successfully deobfuscated.
• Hardware security: Apply this modifier if EM Analysis (see above) is being done. Pick the best applicable: +5 to +10 for
RF/EM/EMP shielding or +10 for photonic hardware.
• Network capacity and DDoS protection: Pick the highest applicable: +1 to +5 for basic DDoS protection or +6 to +10 for
advanced DDoS protection (like CloudFlare). These modifiers only apply for DoS/DDoS attacks.
• AIs: Add IQ - 4 for a sentient AI; add (IQ - 4) ÷ 2, rounded up, for a non-sentient AI. Minimum modifier is 0. Note:
This modifier reflects both the programmatic complexity and flexibility of AIs.
Hacking AIs
To hack an AI system (i.e., any computer, android, device,
etc. with an IQ stat), roll a Quick Contest of your chosen
hacking technique versus the AI’s Will or Hardness,
whichever is highest; do not count Will if the AI isn’t
sentient. The targeted AI may roll Expert Skill (AI
Security); success gives +2 to their side, critical success
gives +4, failure gives no penalty and critical failure gives -2.
Sysadmin!
If you are unlucky enough to have a sysadmin, user or other
hacker trying to actively thwart your hacking, roll a QC of
your Computer Operation versus the other
user/hacker/admin’s Computer Operation. Both sides
take a cumulative -3 for every Access level below 5, but may
claim a margin-of-success bonus from a successful
Computer Security roll (if they have the skill); critical
success adds +3 to the margin. There is no penalty for
failure or critical failure on Computer Security. If the
attacker wins, the attacker has managed to kick the defender
off the system. if the attacker ties, he gets a -3 penalty to
further hacking rolls because of the defender trying to kick
him out (unless the defender decides to let up). If the
attacker loses, he’s kicked out of the system.
Magical Computing
If you need to determine the Hardness of a computer or
software that is not tech-based, use the relevant skill level,
spell level, technique level, etc., of the caster or creator as
Hardness instead of determining it with the above method.
If no level is available, use the caster or creator’s IQ, plus
any trait or skill bonuses that apply to the creation of the
computer or software.
Access
There are seven levels of Access, from 0 to 6. Any user at a given Access level may execute or stop programs running at that
Access level or below. Users can also create, modify or delete files associated with that Access level or below. Users at Access 3 or
below cannot manage programs or files associated with a different user.
Access 6: Complete, unfettered access to the targeted computer system via firmware installed on its BIOS ROM, allowing you
to, say, install nearly undetectable backdoors. Software installed at this level, called firmware, gets a +5 to Quick Contests. Users
at this access level can manage any file or program on the system in addition to the perks of having Access 4+.
Examples: The earliest computers, at qTL6.75 through qTL7.25, gave you this much access by default since they had no real
OSes. Any system backdoored through a flashed BIOS also gives you this much access.
Firmware Flashing
In order to get Access 6 at qTL7.5 through qTL8, you
typically have to physically replace and resolder the ROM
chip, which requires 30 minutes and an Electronics
Repair roll (add any applicable repair difficulty modifiers).
The old-fashioned soldering method may still be used after
qTL8, as long as the computer is repairable. However, at
qTL8.25 and afterwards, most BIOS ROMs become
“flashable” for easier updating. To get Access 6 this way, you
need to use a special piece of software called a firmware
flasher at Access 5. Many qTL8.5+ systems require the
hacker to either have a valid BIOS key, have “legit” firmware
that hasn’t been tampered with, or win a QC of the flasher
programmer’s Computer Programming (at -2 without
Low-Level familiarity) versus the BIOS’s Hardness (separate
from OS Hardness if it isn’t the OS) to flash the BIOS. Any
program within the BIOS’s Complexity limit can be
installed as firmware; a hacker will most often install a RAT
bundled with a programmable daemon.
Firmware Flashing
Firmware Complexity: Before qTL9.5, firmware may be at
most Complexity 3 and is often merely Complexity 2 to
reduce the number of security holes and exploits. At TL9.5
and afterwards, firmware may be at most the computer’s
Complexity - 1, but Complexity is still usually kept as low
as possible. Exception: At any quarter-TL, Complexity 3
computers allow firmware to be installed at Complexity 2,
and Complexity 1 and 2 computers can have firmware
installed at the computer’s full Complexity.
ROM Reading: You may use a firmware flasher to dump a
computer’s ROM, giving you a copy of its binaries, if the
BIOS doesn’t otherwise expose it to the OS. Again, Access 5
is required. To dump a computer’s ROM with a firmware
flasher, win a QC of the flasher programmer’s Computer
Programming (+2 with Low-Level familiarity, no modifier
without it) versus the BIOS’s Hardness.
Access 5: Almost unfettered access to the targeted computer system, allowing you to delete and overwrite critical system files
and built-in software - basically everything outside of the BIOS - to your heart’s content, backdoor the system’s OS for later
access, etc.
Examples: Most qTL7.25-qTL7.5 computers give you this much access by default; physical barriers and checkpoints are the
typical access-control mechanism in this period. Many qTL7.75-8.5 OSes (notably DOS and CP/M) also give you this much
access by default. Rooting a device by using access elevation exploits also gives this much access.
Access 4: Enough access to the system to install and remove any non-system software and even some system software, shut the
system down, reboot it, add or remove user accounts, and do most of what the system is capable of. However, this is not enough
access to delete or modify critical system files or remove critical system software (or other software the user or manufacturer may
have “built in”). Users at this access level and above can restrict lower Access levels from reading, modifying or deleting files that
this Access level has access to.
Examples: Most workstations and smaller-sized computers before qTL8.5 once unlocked. Many smaller domestic computers have
appallingly low security through TL9.25 though.
Access 3: Enough access to do anything a normal non-administrative user could do on the system. You can delete, modify or
create files owned by the user account you have access to. You may be able to install some software at this access level, but it’s
often quite restricted. Many computers allow the user to reboot or shut them down through the interface at this Access level, but
OSes may be configured to deny reboot and shut-down access to users at this level; this doesn’t stop the machine from being
physically unplugged or rebooted or shut down using the physical power button (if it has any).
Examples: “Standard” user accounts on most desktop and personal OSes, a qTL8.25 innovation that did not become widespread
until qTL8.5. The usual level of access for most game consoles.
Access 2: Enough access to do anything the accessed process (running program) could do. This includes anything that programme
could normally do. This amount of access is what is usually provided by a successful Code Injection. Access to files is normally
limited only to files the program needs to run or access at this level.
Examples: “Admin access” on most databases and game servers.
Access 1: The normal level of access a user has when logged into an account on most websites or remote systems. Users cannot
manage files or programs at this access level unless the software allows it.
Examples: Most websites, really.
Access 0: The default level of access to most ’net servers, such as when making searches, viewing web pages, watching videos,
playing online games, etc. You’re not even logged into a user account here. Users cannot manage files or programs at this access
level unless the software allows it.
Examples: Login and authentication prompts on most OSes and websites (or the equivalent). TL7 OSes often elevate you to
Access 5 upon successfully logging in, most TL8 desktop OSes elevate you to Access 3 upon logging in, and most websites elevate
you only to Access 1 upon logging in.
Equipment
New Computer Options
The following new options are available for computers:
• Video Game Console (qTL7.75+): The computer can only run video games (and only one at a time), but you may use the
computer with any video gaming skill instead of Computer Operation. Default Access level is either 0 or 3. Rooting a
computer with this option requires an access elevation exploit programmed as a trojan inside a video game or physically
replacing the ROM chip with one that removes the limitations. When the computer is rooted, it loses this option. No cost
multiplier.
• Firmware OS (qTL7.75+): The computer has an OS installed as firmware. Software Complexity is limited to that of the
firmware OS. This option is often seen in cybernetics. Cost multiplier is anywhere between ×0.2 and ×1; if a firmware-based
microcontroller would logically be integrated into a non-computer item, don’t increase the item’s cost unless the firmware
provides a skill, technique, advantage or perk. If a hacker or cyberneticist installs firmware that provides a skill, technique,
advantage or perk into any item of yours, including bionic limbs, they’ll usually ask you to pay the cost for a computer with
this modifier.
• Case Lock (qTL7.5+): The computer has a lock installed on its case to prevent unauthorised users from getting physical
access to its innards. It optionally also prevents users from physically rebooting or shutting it down, with an extra option
to lock away the power cable. Pick any lock available at the TL, then add the cost of that lock to the computer’s cost after
all CF and cost multipliers. Case locks may be bypassed with Forced Entry, but note that this has a good chance of
damaging the computer’s innards. Corporate computers often have this option. Not available for SM-3 or smaller computers;
tiny computers can still be locked up in a regular lockbox though.
• Wireless (qTL7.75+): Allows the use of wireless networks and peripherals. Before qTL8.5, add $1000 and 0.25 kg to
computers with this modifier. Wireless signals can be intercepted with EM Analysis (see above; target is the signal’s
encryption method/software).
Television Screens
A television set may be used instead of a terminal. It
provides the effects of a standard terminal with No Input
Devices at that quarter-TL, including the +1 video gaming
bonus for CRTs. Flat-screen television sets become available
at qTL8.5.
Proxies
Proxies allow a computer user to do various network-based tasks with a degree of anonymity.
• Proxy server (qTL7.5+): Proxy servers may be used as a bonus for DoS/DDoS attacks. Critical failure on a network-based
attack using proxies means you’re being traced through the proxies (see Network Trace above). Minimum Complexity
of 3; does not require an interface (outside the built-in Machine Interface) since it’s accessed remotely. Has a RAT and
daemons installed. LC4.
• Rented proxy server (qTL7.5+): Works like a regular proxy server, except you don’t own it. However, if you lose rented
proxies to a failed DDoS attack, they’ll “regenerate” in 1 month (3 months at TL7, 10 days at late TL8+) as proxy IPs are
switched out. Unfortunately, this comes at a price: Roll versus (6 + 1d + Hardness) every month once for every organisation
you’re renting proxies from. If that roll fails, the organisation renting out proxies is raided or shut down and you lose all
proxies rented from that organisation, and failure by 5+ or critical failure means you are traced (see Network Traces below).
Base price is $10d/month at TL7, $2d/month at mid-TL8, $1d/month at late TL8+; roll once for each organisation renting
out proxies. Prices are for Hardness 5; add 15% for each extra level of Hardness or subtract 15% for each reduced level.
• “Zombie” proxy server (qTL8.25+): A botnetted computer used as an anonymous proxy. Each “zombie” allows you an
extra attempt at a network-based attack at no penalty. Like other proxies, these can be used for DDoS attacks, giving
the usual penalty for trace attempts. Roll versus (3 + 1d + Hardness) every month. Failure means you lose the proxy,
critical failure means a trace (see Network Traces below). $2d+3 each at mid-TL8, $1d each at late TL8+ (roll only once for
each seller if buying in bulk). Typically available only on the darknet. May be obtained for free by hacking low-Hardness
computers and installing an automated RAT. LC2.
Other devices
• Video game console (qTL7.75+): A computer with the Video Game Console option (see New Computer Options above)
and, in models having Complexity 3 or below, Firmware OS. TL8+ consoles typically come with specialised anti-malware
software that flags anything that isn’t a legitimate game as malware. Comes with a game controller, but no terminal.
(You’re expected to own a spare TV set or terminal.) Anywhere from $50 to $525.
A Cornucopia of Software
Almost all software can be had for free, legally or illegally, so no costs are listed. If you want to establish prices for software,
you can research software prices for the quarter-TL or come up with your own. All software listed here requires Computer
Programming to program, obviously, aside from any other skills listed with the particular software (use the lowest modified
prerequisite skill).
Programming Quality
Add a +2 bonus to Computer Programming rolls for
cheap-quality software, or a +2 or +4 penalty for fine or
very fine quality, respectively. Cheap-quality software gives a
-2 penalty to whatever it does for you (and/or counts as
cheap equipment), whereas fine or very fine software give a
+2 or +4 bonus (and/or counts as fine or very fine),
respectively, to whatever it does for you. Making
cutting-edge software (+TL/2 bonus) takes a penalty to
Computer Programming equivalent to the bonus the
software gives. Critical success on the software prototype
roll ups the quality by one step, up to very fine, and critical
failure lowers the quality by one step, down to cheap.
Security and quality: The above modifiers to Computer
Programming also affect the skill when used to determine
Hardness.
Multitasking software (qTL8+): Allows multitasking on a Complexity 2 or 3 computer that doesn’t otherwise have it built into
the OS. Complexity 2 or 3. Does not take up a running program slot unless it’s cheap-quality software.
Interface software (qTL7.75+): Allows use of an interface type not supported by the computer’s OS. Complexity is that required
to run the interface normally. Does not take up a running program slot unless it’s cheap-quality software.
Multitasking
Multitasking is the ability to run more than one program on
a computer at the same time; this feature is usually available
on computers of Complexity 3 and always available above it;
if not available on the computer, it can only run one
program at a time (daemons and programs started by them
don’t count).
Multitasking Skills: You cannot run multiple programs that
enhance or provide the same skill or technique at the same
time (technically, you can, but you can only use one running
instance of your choice), with the exception of access
elevation exploits. Running multiple identical hacks or
access elevation exploits counts as multiple concurrent
attempts (see Hardness above). You can run as many video
games as your Complexity and running software allow, but
you can only actively play one at a time (unless you have
Compartmentalised Mind).
Video games (qTL7.5+): Everyone knows what these are. Complexity for current-qTL games is usually either that of a medium
computer or workstation at the qTL or one level less. At qTL8.75-9, games are often Complexity 3 or 4.
Video game cheats (qTL8+): Often called “hacks”, but the worst they can do is annoy gamers and game server admins. Most
single-player game cheats require no roll to use, assuming you know about them and have them installed, but a few cheats (e.g.,
the infamous Konami code in qTL8 and qTL8.25), require a DX-based Games (Video Games) roll (or specialised DX- or
IQ-based Games skill or Hobby Skill for the game in question). Usually free; often built into single-player games. LC4.
Cheats or Hacks?
Hacks that exploit bugs in multiplayer games are often
bundled with cheats, which often leads people people to call
the cheats “hacks” and gives multiplayer game cheats a bad
rap among game developers and game server admins.
Makin’ Cheats
To program video game cheats, roll a QC of Computer
Programming (-2 without Video Games familiarity);
complementary Computer Security, Hobby Skill
(Speedrunning) or Hobby Skill (Video Game
Cheating) provides +2 to this roll on a success and +4 on a
critical success. Programming cheats takes ((game Hardness
- game Complexity) ˆ 2) minutes (minimum of 30 minutes).
Success means you have a working game cheat/hack with 1d
bugs and glitches; critical success means you have no bugs or
glitches and may even have 1d-3 (minimum 0) extra minor
features. Failure means you don’t have a working hack and
critical failure also means you think the hack works, giving a
-2 to video gaming rolls where you’re using the borked hack.
Having assembly code gives +2 and source code gives +5 to
programming rolls. If the game has anti-cheat or DRM, roll
a QC versus the game’s Hardness. You need to win the QC
to get a successfully working hack; critical success gives the
usual benefits provided you won in the first place.
Disassemblers, decompilers and deobfuscators (qTL7.5+): These are used to reverse-engineer software, giving a bonus to find
exploits and the like. LC4 in free societies, LC3 in more controlled ones.
• A disassembler allows you to disassemble software executables. At qTL7.5-7.75, disassemblers only support one CPU
architecture, but at qTL8+, disassemblers support most or all widely used CPU architectures. Complexity 2. Low-Level
familiarity plus familiarity with assembly language needed to avoid penalties when programming one of these; add another
-2 if programming for multiple architectures.
• A decompiler, usually bundled with a disassembler, gives an extra +1 to Computer Programming and Code Injection
on top of the +2 for having a disassembly. Fine decompilers raise that +1 to +2 and very fine ones make it +3 - equivalent
to having full source code. Unfortunately, some languages (C and C++, for example) can’t or don’t have fine and/or
very fine decompilers. Not available until qTL8. Complexity 3. Programming one of these is at a -6 penalty; Low-Level
familiarity (+2) plus familiarity with both the assembly and compiled language (+2 if you have both) negates up to -4 of
the penalty.
• A deobfuscator attempts to deobfuscate software binaries and/or disassemblies. A deobfuscator works on only one obfuscation
format. Some decompilers and disassemblers come bundled with one of these. See Deobfuscation for more.
Obfuscator (qTL7.75): Used to obfuscate software binaries to stymie disassemblers and decompilers. An obfuscator works on
only one language. Cryptography is required to program one; the prototype roll’s margin of success is the obfuscation bonus.
If taking at least +2 in extra time, you may opt to use Skill Level - 10 + Extra Time Modifier instead to determine the
margin of success. Complexity 3. LC4 in free societies, LC3 in controlled societies.
Deobfuscation
If a software binary is obfuscated (as is the case with most
popular video games), win a QC of the highest of
Computer Programming (-2 with Low-Level familiarity,
-4 without) and Cryptography (-2 for unfamiliar
obfuscation techniques) versus the software’s Hardness to get
a useful disassembly or decompilation. A disassembler and
both skills are required; you can’t use either skill at default.
Deobfuscation attempts take (Software Complexity ˆ 2)
hours. A disassembly can never give more than +3 on
deobfuscated code. If using a deobfuscator, use its
programmer’s skills rather than the user’s. Programming a
deobfuscator requires the skills used to deobfuscate at the
same penalties, in addition to a deobfuscated disassembly in
the target obfuscation format; always use modified
Computer Programming as the software’s skill, even if
it’s higher than modified Cryptography.
Rainbow table (qTL8.25+): Required to use Rainbow-Table Decryption. Data, 100 GB. ×0.2 size for cheap quality (-1
penalty); ×3 size for fine quality (+1 bonus); ×10 size for very fine quality (+2 bonus). Size multiplier for quality also affects the
time taken by Rainbow-Table Decryption. LC4 in free societies, LC3 in more controlled ones.
Virtual machine software (qTL7.75+): Allows you to emulate a (usually older) computer or other electronic device on your
(typically newer and more powerful) computer. The Complexity of the emulated device and its software may not exceed the
Complexity of the “bare metal” machine, or Complexity - 1 if the emulated and “bare metal” architectures are significantly
different (e.g., ARM vs x86-64). Very alien architectures may limit emulation to Complexity - 2. VMs are often available to
emulate software from the previous TL, and may be available for software older than that. Hacks and access elevation exploits
(below) cannot break out of VMs. LC4.
Access elevation exploits and rootkits (qTL7.5+): Software used to exploit bugs or loopholes in OS or application programming in
an attempt to elevate access. A rootkit is exploit software specifically designed to elevate Access 4 to 5. These programs vary
widely in ease of use (typically from -4 to +2). Some of this software gives bonuses to Access Elevation for experienced users
(+1 to +3); many access elevation exploits and rootkits grant the programmer’s Access Elevation technique level when used,
allowing them to be used by unskilled “script kiddies” with only Computer Operation. LC3 in free societies, LC2 in more
controlled ones.
Firmware flasher (qTL8.25+): Software used to “flash” - i.e., overwrite - firmware, allowing a hacker to get Access 6 without
having to physically replace ROM chips. Needs at least Access 5 to use. Firmware flashers are often used legitimately to install
security updates to firmware. See Firmware Flashing above. May be bundled with rootkits and access elevation exploits to get
the Access 5 needed to flash. LC4 in free societies, LC3 in controlled societies.
Anti-malware software (qTL8+): Software designed to detect malware of all kinds, including code injection attempts. See Malware
and Anti-Malware below. Complexity 2 in qTL8 and qTL8.5; Complexity 3 thereafter. LC4.
RATs, scripts and daemons (qTL7.5+): These are software allowing a user (or hacker) to remotely or automatically control a
computer after it is installed.
• A RAT (remote-access tool) negates or reduces the -2 remote-use penalty to Computer Operation on a remote computer
that a hacker has access to, as well as allowing persistent access at the Access level it is installed at across reboots. You need
at least Access 3 (or, on more secure computers, Access 4) to install a RAT. Installing a RAT while the hacker has physical
access is a regularly employed hacking strategy. RATs are often “legitimately” used to monitor students’, employees’ or
children’s computers. “Black-hat” RATs are often bundled with hacks or access elevation exploits.
• Scripts are software designed to automatically perform various basic computer management tasks; scripts use the pro-
grammer’s Computer Operation, plus modifiers from OS familiarities and interface quirks and perks, as a built-in skill.
Complexity 2. Scripts do not require installation to run. In GURPS terms, a script can use simple procedural if-then
statements and “while/until” loops to run other programs, including daemons and other scripts. Scripts can be as complex
as desired, but try not to go overboard. Multiple scripts can be executed at the same time.
• Daemons are software that starts other programs at a programmed time and/or frequency. Some daemons are easily
reprogrammable, giving between +1 to +5 to Computer Programming (no field familiarity needed) to reprogram them.
In GURPS terms, a daemon can run programs, including scripts but not other daemons, at its current Access level as
frequently as once per minute or at any set time; a daemon can start as many programs on as complex a schedule as desired.
Multiple daemons can be used to simplify organisation or if you need to start certain programs at certain access levels.
Installation requires at least Access 3. Does not take up a running program slot unless it’s cheap-quality software.
Hacks are software that automatically performs programmed operations for the hacker (or, for that matter, legitimate user).
At TL8+, hacks often have an access elevation exploit built in and can often copy themselves and spread. Hacks often don’t
require much more than basic Computer Operation to use, but Computer Security is needed to program them. Here some
common types of scripts:
• Keylogger: Logs a user’s keypresses from whatever it has access to. Access 4 is needed to log computer and device passwords;
Access 2 is usually good enough for bank, chat and forum passwords and the like. Complexity 2 at minimum.
• Virus: Automatically copies itself. These hacks are usually high on the maliciousness scale, but some famous qTL7.75-8.5
viruses were relatively innocuous. Most viruses need at least Access 3 to run, but some sneaky higher-quality viruses can
run at Access 2. Complexity 2 at minimum.
• “Computer fryer”: Overloads processors, hard drives or other hardware with the goal of causing them to corrupt, jam,
overheat or burn out. See Burning Silicon below for the gory details. Must be of the computer’s Complexity to have any
effect. Very malicious; LC2 or less.
• Ransomware: Combination of a daemon and encryption software that encrypts the poor target’s user files and holds them
ransom unless the user pays money, typically in the $100-to-$500 range, but often much higher if a large corporate system
is targeted. If the ransom isn’t paid within a short period, usually 3 to 7 days, the files are deleted and wiped. Complexity
3 at minimum.
• Trojans: Hacks designed to trick the user into installing them, typically by looking like more legitimate software. Programming
trojans requires a copy of the legitimate software to be bundled with first as well as a copy of the software to be concealed.
Roll a QC between the trojan author’s Computer Security and target’s higher of Computer Security and Detect
Lies when the target installs the trojan; if the user wins, he realises it’s a trojan and doesn’t install it (or removes it
immediately); on a tie, he realises after installation. Use the target’s Hardness in the QC if you’re trying to trick the
computer itself rather than its user; sentient AI targets use the highest of Hardness, Will, Expert Skill (AI Security)
and Detect Lies. Trojans may have up to the bundled legitimate software’s Complexity, but get a -2 to the author’s side
of the trojan QC if not lower then the legitimate software’s Complexity.
This software goes by many other names - e.g, trojans, viruses, botnets, worms - but all belong to the same basic two types. LC
varies depending on maliciousness.
Burning Silicon
“Computer fryers” are some of the most malicious hacks out there, but fortunately also the least commonly used by professionals
in the trade. Once installed, running and past the computer’s defences, roll a QC of the hack programmer’s lower of Electronics
Repair / Engineer (Electronics) (use the higher electronics skill) and Computer Programming (Low-Level field) versus
Hardness to fry a computer. If the hack wins, the machine is damaged, requiring repairs worth (Margin of Winning × 10%)
of the computer’s cost. If the poor computer has a critical failure or loses by more than 5, it’s a useless doorstop now; there’s too
much damage to repair. Bomb Squad: Fryers require several minutes to run, so an attentive computer user might be able to kill
the program before it does any damage; see Sysadmin! above, but use the fryer programmer’s Computer Programming for
the attacker’s side in the QC. |
Why Would You Ruin a Perfectly Good Computer?
If you have physical access to the machine, a spray of dust or
a spilled cup of water (or coffee, the IT guy’s favourite) is
much faster and usually more reliable (but less stealthy)
than a computer fryer. Spilled liquids fry electronic
motherboards and the dust clogs fans, giving the same
effects as a critical success by a computer fryer. These
methods likely won’t work on machines made after qTL9.5
and definitely won’t work on waterproof or ruggedised
computers.
Rushed? If you’re in a rush, you’ll need to roll DX to ruin a
computer you have physical access to. On a success, the
machine is damaged, requiring repairs worth (Margin of
Success × 10%) of the computer’s cost. On a critical
success, it’s a useless hunk of silicon (or other kind of
computronium) now. Failure means the liquid spill or dust
spray didn’t damage anything. Critical failure means you’ve
blinded yourself for 1d turns if trying to spray dust (those
with Nictitating Membranes are immune), or spilled the
liquid on yourself if trying to spill liquid.
What Else? A gunshot might do the trick; you don’t need to
roll to hit unless rushed or the computer is really small or
large. Do feel free to come up with other weird and wacky
ways to ruin perfectly good computers if the above methods
aren’t quite enough.
Getting RATty
Winning a Quick Contest of Soft Hacking versus a
computer user’s Computer Security or social counter skill
lets you convince the user to install a RAT for you if he has
at least Access 3 (assuming installation at that access level is
allowed, otherwise Access 4); the RAT will have the user’s
current Access level. The targeted user obviously must be
able to download or otherwise obtain the RAT in order to
install it.
Access control programs There’s a wide variety of software available for controlling access to a computer system or program,
especially after qTL8. This list of access control programs is listed in order of the TL it first appears at. After qTL8, most access
control software is built into the OS.
How access control works: Access control programs can grant access to the computer at their installed Access level or any level
below it, and can run additional programs of any kind upon authentication, in addition to or instead of granting a higher Access
level to an authenticated user. These programs can drop an unauthorised user’s access level to any level below the one they’re
running at, not to mention that they allow Access levels below 5 to exist in the first place.
Secure Access
Access control programs come in four quality levels:
Cheap (qTL7+): Practically only keeps the honest out.
Treat as an out-of-date cheap program.
Standard (qTL7+): Your standard no-frills security.
Available at any TL where access control programs are
available.
Secure (qTL8+): Can be set up to lock up the system or
program after a programmed number of failed
authentication attempts. Minimum required Complexity is 2.
Equivalent to fine.
Very secure (qTL8.25+): Atempts to use access elevation
exploits are cumulatively penalised (see Hardness above).
The program can be programmed to trigger other programs
(usually anti-malware software) and/or notify someone
(usually the owner or an admin) upon failed authentication
or a breach attempt. Minimum required Complexity is 3.
Equivalent to very fine.
Yes, a very secure access control program can be set to
trigger other access control programs upon failed
authentication or a breach attempt.