[SR5] Rolling for legal matrix actions

  • 20 Replies

Stainless Steel Devil Rat

  • *
  • Errata Coordinator
  • Prime Runner
  • *****
  • Posts: 4572
« Reply #15 on: <07-28-20/1548:42> »
Got a mark on the host? great.  You can get in.  You still don't have any marks on any icons INSIDE the host.  Marks only flow upstream, they don't flow downstream.
Changing this in 6e so they do flow "downstream" is (IMO) one of the key decisions that makes 6e's Matrix better, and well worth considering as a 5e houserule.

Agreed.  Access Levels are basically (but not exactly...) marks by another name.  Not having to gain access to a file inside a host after you already gained access to that host is a big improvement that streamlines play.

It's a quirk of 5e's matrix rules that there's literally no benefit to having 2 or 3 marks on a host. All you ever need is 1.
RPG mechanics exist to give structure and consistency to the game world, true, but at the end of the day, you’re fighting dragons with algebra and random number generators.


  • *
  • Omae
  • ***
  • Posts: 804
  • Let's go. In and out. Twenty minute milk run.
« Reply #16 on: <07-28-20/1612:50> »
It's a quirk of 5e's matrix rules that there's literally no benefit to having 2 or 3 marks on a host. All you ever need is 1.
Yes! That is weird and bad.

(Also, off hand, the difference between 2 and 3 marks is really small. There’s a couple of places where actions have different amounts of some effect, like Data Spike, and (I think) one action that explicitly requires 2 marks. Other than that, they’re the same.)


  • *
  • Prime Runner
  • *****
  • Posts: 6465
« Reply #17 on: <07-29-20/0326:57> »
I was wondering if you need to roll for legal matrix actions like edit file.
Book is described from the point of view of a Hacker.
It does not explain how legal actions by legal users are resolved......

Do I as the owner of a file need to roll to read .... it?
There is never a test to Read a File Icon that is not Protected.

Do I as the owner of a file need to roll to ... edit it?
You as a willing Owner can choose to not Oppose your own actions.

If I give someone a mark on that file, do they have to roll?
You as a willing Owner can choose to not oppose their actions.

If not why do hackers with a mark on the file need to roll?
Because they are not really legal users, are they?

Are there rules to place a mark on a file? I see only rules for getting marks on a host or device.
Brute Force and Hack on the Fly can be used on File Icon. Not just Device Icons and Host Icons.

SR5 p. 236 Recognition Keys
The Matrix works the same way. If you can show a device or host or whatever that you have the right mark, you can go where you want to go. In Matrix lingo, “mark” is an acronym for Matrix authentication recognition key, which is part of the protocol that devices, personas, files, grids, hosts, and so on uses to identify legitimate users. Only personas may mark icons.

File Icons inside a Host will defend with Host Ratings, otherwise they will be defended by Owner ratings;

SR5 p. Edit File
The defender against this test is either the host holding the file or the owner of the file (if it’s not on a host).

What about other legal actions where somebody has the number of required marks?
Same thing.

How is it handled for normal workers on a host? How do they edit files they don't own? How can they get files out of an archive?
Not really covered by the rules. The rules reflect the point of view of a shadowrun decker (which can't just call up an archived file just like that - the hacker way would be to do a deep dive into the foundation).

What if a Technomancer used puppeteer to force a device to give them a mark.
A device cannot grant you a mark. Only owners can. You can puppeteer a device to do what it can normally do. Puppeteer a maglock to open up (even though you don't have marks on it), for example.

But if you puppeteer the Owner's Persona (or if you intimidated him in person, or blackmailed him, or used magic to force him, or used a con to trick him etc) to legally invite you to place your mark on one of his icons, then yes. But odds are he would be aware that he gave you the mark and he will probably take actions to revert, correct or report it to matrix security.

Well so a mage with mind control could force the legitimate user to access files and copy them into a data chip or online storage. Then the most difficult part of hacking would be to find a person with the correct access rights and get access to them. Or just force the person to give a legitimate mark to the Hacker.
This is a viable tactic, yes.
(but you might have to tie up some lose ends with this approach)

Well hacking could still be useful, but less.
In Shadowrun you will soon learn that there are almost always multiple ways to the same goal ;-)

I was thinking about the fileaccess. You could argue that having a mark on the host (which equals guest or user access) doesn't give you a mark on all files. Then you would have to use hacking to get a mark on the fly.
This is how it works in 5th edition

(Also, while talking about "files". The book is almost never just talking about a single "file" - it is almost always talking about a "File Icon" - and a "File Icon" is more like a whole directory or library or album... full of text files, spread sheets, video recordings etc that are all related and saved at one place, in one File Icon).

That might allow you to access the file without havizto roll for editing, but that would be a house rule.
In SR5 you also need to take a test to for actually copying (or editing) the File Icon.

One big reason for this is because you can be sneaky all the time up until you Crack the Protection of the File Icon (as long as you don't fail any tests that is). It is only after you successfully Cracked the Protection of the File Icon the Host will be aware of you and will have a small window of opportunity to act on you. If it was trivial (or automatic) to Copy the File Icon then there would not really be any risk involved. Trying (and often failing your first attempt!) to beat Host ratings in an attempt to down-load the File Icon while the Host is launching dangerous IC creates a heroic moment that you should think twice before you house rule away if you ask me....
« Last Edit: <07-29-20/0352:26> by Xenon »


  • *
  • Chummer
  • **
  • Posts: 158
  • It can't rain all the time.
« Reply #18 on: <01-18-21/0812:46> »
Seriously, as with our own times, social engineering probably should be the more powerful route to break into a system, with hacking being for when there just isn't time for that.  But that would make decker and technos even more niche, so we sort of wave our hands and say that doesn't work, without ever explaining why it doesn't work.
I kinda have an answer for this.

I've recently been writing (a lot) of Shadowrun Matrix fluff, trying to fill in little gaps that annoy me. It's more detail than you need to play the game, and mostly an intellectual exercise just to see if I can do it, but I'm enjoying the process anyway. I'm trying to explain stuff like "can you see through walls via AR" and "why can't I steal someone's persona" and "why can't deckers sit in a safe basement somewhere miles away" while staying within the spirit of RAW.

Here's what I have for why you can't steal someone's access:

Personas: your commlink as the keys to your life

When you boot up your commlink, the first thing you do is sign into it, via some combination of biometrics. This creates your persona, your digital mirror-image in the Matrix. The persona runs for as long as your commlink keeps it alive.

However, like any newborn, your persona comes into the world naked and powerless. So the next thing that happens is your commlink reaches out through the local mesh and up to various cloud hosts that live on the backbone.

Each of these hosts in turn establishes that the person using your persona matches their fingerprint. For users with direct neural connections, this is carried out as a brainwave challenge/response. The host reaches down through your interface and… pokes… your brain a little, inducing certain patterns. It measures how your brain responds to the poking, and compares it to patterns stored in very secure cloud hosts that were recorded as part of a cryptokey exchange when you created the account. If they match, the host is satisfied you are who you claim to be.

This process is completely safe, or so the corps insist. Any resemblance between the transient brainwave states triggered and those recorded in epileptics is purely coincidental.

This process is extremely difficult to fool, particularly for lots of hosts at once; although there are urban legends of particularly wily deckers pulling off successful man-in-the-middle attacks against people using trodes rather than datajacks.

Unfortunately, users without DNI suffer much lower security. They have to rely on crude biometrics such as fingerprints and retina scans, all of which are much more vulnerable to fakery, even if they use very expensive and high-end scanners.

Once a given host is happy the persona is under your control, it issues your persona with access permissions over whatever it controls. (Deckers call these Access Control Lists, or ACLs - pronounced “ackles”.) One host might belong to Ford, and grant your persona access to drive your Americar. A Horizon host would give you access to your P2.1 social media account. An Ares host, after particularly thorough examination, would enable you to fire your Predator. And so on and so forth - even a low-key user will have hundreds of these permissions.

This all happens in a few seconds.

Personas are ephemeral things. They only last as long as the commlink is running and you are attached to it. (This is particularly irritating for trode users; if the trodes get jostled too much, they can disconnect entirely, and you have to sign in all over again.) Furthermore, to guard against… shenanigans…, the more secure hosts will re-run spot checks of brainwave patterns periodically.

Note also you can never have two personas. The cloud hosts will immediately detect if you attempt to sign in with a second device while the first is still running, and — depending on its paranoia level — either insist one persona is shut down first or completely lock the account down until you contact customer services to get it unlocked.

This is good stuff. I like being able to explain to my players how things work. Any chance you'd share more of your fluff?


  • *
  • Prime Runner
  • *****
  • Posts: 6465
« Reply #19 on: <01-18-21/1056:01> »
This is good stuff. I like being able to explain to my players how things work. Any chance you'd share more of your fluff?
While penllawen put a lot of time and effort into this you should be aware that he is also deliberately rewrote the rules in order for them to better fit with his vision of how the matrix works / should work. Before you fully adapt his "fluff" you might want to first have a discussion at your table if you are willing to also accept his new "crunch".


  • *
  • Omae
  • ***
  • Posts: 804
  • Let's go. In and out. Twenty minute milk run.
« Reply #20 on: <04-05-22/1134:24> »
This is good stuff. I like being able to explain to my players how things work. Any chance you'd share more of your fluff?
Hi Rick, sorry for the delay in replying, I don't come here much any more.

First of all, note that Xenon is right: the attempts I made to re-fluff the Matrix do make some changes to the rules. This project went through several phases. I started off making a big effort to keep the changes as inconsequential as possible, and although my documents were never fully finished, I think I made some good progress and there's bits here I'm really happy with:

Later, what I wanted to play changed a bit. I switched to a much more radical simplification of the Matrix setting, because I also switched to a much simpler set of rules. Some of the ideas from my earlier draft survived into this one, such as the explanation of how the "wireless" Matrix is architectured that hacking is possible only across fairly short ranges (which appears to be Shadowrun's RAI, more or less):

This later doc has other changes I am very happy with. For example, I ruled that all host access is always done in VR, while all not-in-a-host access is in AR. I've never quite been able to wrap my head around what it means to be "in" a host in AR, or why you would go "on the grid" in VR, and my players never really did much of either of those things. Drawing a line between the two jettisoned a lot of possibilities but didn't discard the stuff I want: which is decker spotlight moments in either combat (in AR) or elaborate host hacks.

Again, these documents are not for everyone, but I make them available in the hope that some of the ideas can be of use to others. Thanks for your kind words.