Hello everyone,
I recently started to play SR4 with my friends and I opted to be the Hacker (Technomancer, Info Savant, to be more specific). I tried to get the rules, but after I am at their end, I find myself asking a question that would be answered way at the start, then I go again, but the whole process repeats. In short: I think I didn't get all the rules right. Or the interactions between them.
Let me draw to you in broad strokes the situation we are in right now:
A small company will obtain a delivery of superconductors in two days and we are tasked to find out what the company is up to do with it, so retrieving blueprints and stuff. Obtaining actual prototypes to the Johnson gives extra cash.
After I probed the target for an Admin account, its now afternoon (the dice didn't like me) and I will be going into the companies node in our next session. I intend to do the following:
1) Get into the node
2) Copy the schedule of that day to see when the delivery arrives and how the guard duty will be
3) Create a legal Security or Admin account for myself to use in two days, when the run will take place.
4) Obscure my doings such that the access log does not immediatly show the creation of a high security account by an Access ID that triggered an alarm.
Now on to my questions:
1) Not really a question concerning the entering here. But I willl compile either a Rating 6 Courier Sprite with Browse and Decrypt or a Rating 6 Data Sprite with Sniffer and Stealth to assist me.
Now the way I understand it, the Courier Sprite is well hidden due to its Hacking and Stealth, but bad at decrypting an encrypted file due to its lack of the Electronic Warfare Skill.
The Data Sprite on the other hand does not have the Hacking Skill and thus is hidden not as good as the Courier sprite. However, it has Electronic Warfare and can decrypt files.
Is this correct? Agents automatically have some skills at their Rating, while Sprites have the Skills listed with them at their Rating?
Now I thread up my stealth complex form a little and enter the node, giving it an Analyze + Firewall (my Stealth) test to detect the intrusion.
Here is a question now: According to Unwired, the Access Log of the Node will still log my Access ID and my Verification status in (System) Combat Turns. I assume there is a passkey required, which I don't have.
Therefore, the Node will trigger an alarm. Will it also trigger the alarm, when I already logged off before the time limit is up? (So is there a chance to avoid this automatic alarm?)
2) Once on the node, my Sprite or I will Browse for the file, analyze it to see possible data bombs and its encryption status (how did I find that this specific file has the data I want if it is encrypted?!).
After getting rid of the bomb and the encryption, I copy the relevant data on my device. Is this a Transfer Data action, or do I need to edit the file to copy from it? Also, could I just copy the file and worry about decryption and bombing later on my local device?
3) I have admin level access, so a simple Computer + Editing test should be sufficient. Or does the threshold raise to 3 or 4 also with admin privileges? (It does when one wants to hack-create the account with user privileges only.)
As long as this particular account does not show up as being created by a dubious source, or found while performing dubious activities, it should only be recognized as invalid with a security audit.
I think the audit is an Extended Test (Stealth) with a period of 1 day. (I did not find it right now.) So it is likely that the audit is not finished two days from now when the run takes place and the legal account might still be accessible.
4) Ok, so now I would like to erase the most away-giving leads to my activities from the Access Log. Therefore, I search and check this file, after which I edit it. But wait, my doings are not yet listed in there. And once they are, the system sees that I have no passkey and triggers an alarm.
I see two ways to proceed:
a) Endure in the node until the Access Log updated far enough for me to edit my stuff, which will expose me to IC and spiders.
b) Relog with the newly created legit account and edit the Access Log from there. If timed correctly, the spider might not have the change to look into the Access Log before I have edited it and I can write something like "IC went off accidently, needed to edit Access Log to remove the trigger"
Am I missing some obvious holes in my plan? How would you proceed to hack a system prior to the run and leaving you a possibility to operate more easily during the run?
Cheers,
AT-Colt