NEWS

[6e] Defeating security devices

  • 4 Replies
  • 314 Views

ammulder

  • *
  • Newb
  • *
  • Posts: 72
« on: <05-13-21/2233:41> »
Just want to double-check...

It looks like there are often four ways to defeat a device like a maglock card reader, fingerprint/retinal scanner, etc.:
  • Fake it out.  Get a copied keycard, use a retinal duplicator, voice modulator, cellular glove molder, etc.  The fake usually comes with a rating, which is used in an opposed test between the security device and the defeat device; it doesn't seem like your skill matters except in limited circumstances (disguise to fool a face scanner)
  • Rip the cover off and hotwire it (two separate Agility+Engineering tests).  These are extended tests against the lock rating x 2.
  • Rip the cover off and use a sequencer (for keypads), or use a maglock passkey (for card readers), a contest of that device's rating vs the lock's rating
  • Have your friendly neighborhood decker defeat it via the Matrix (either on prem or remotely)

The hardware for faking out scanners looks cool, but doesn't seem very reliable, as they're limited to rating 3, 4, or 6 vs. 9 for the security device.  Even if the scanner rating was comparably low and not an 8 or 9, the number of dice makes it a bit of a crapshoot (e.g. 4 dice vs 3 dice is not great to risk detection of the whole operation on).  It seems like the hotwiring or decker options would typically let you put a much larger skill pool into play.

That's cool for an autopicker or sequencer, but the maglock passkey, voice modulator, and retinal duplicator are pricey enough that you'd think they'd be more effective.  If the rating of a voice modulator or retinal duplicator was the threshold a scanner rolled against to detect the fake, that seems like it would better justify the investment.

Stainless Steel Devil Rat

  • *
  • Errata Coordinator
  • Prime Runner
  • *****
  • Posts: 4507
« Reply #1 on: <05-14-21/0011:23> »
Basically, yes.

Bear in mind though that some degree of responsibility lies with the GM to not throw unreasonable defenses at the players.  Should an apartment building be rocking rating 6 maglocks?  Frag no.  Just like that building shouldn't have a dragon as the lobby guard. Most corporate and military sites shouldn't even have rating 6 maglocks or a dragon as a guard dog.  That is like literal Fort Knox stuff.

Think of the recommended threshold guidelines on pg 36.  3 hits is supposed to be a success most of the time.  By implication, a rating 3 maglock should be what runners are being asked to deal with "most of the time", since it is also a threshold 3.

Of course you CAN throw harder maglocks, but there should be a reason why this particular lock is harder.  3 hits is, in other words, what you'd expect a shadowrunner specializing in this test to be able to be successful at.  Your covert ops character should only need about 9 dice in Agility + Engineering (Lockpicking) to expect to be successful. Or 12 dice in order to be able to buy 3 hits. Start throwing rating 6 (i.e. threshold 6) systems regularly and you're throwing off the entire game assumption about how many dice is supposed to be enough.  And of course, the lockpicking gear that caps out at rating 4 is doing so in the context of expecting to have to deal with rating 3 or so systems.  Most of the time.
« Last Edit: <05-14-21/0013:47> by Stainless Steel Devil Rat »
RPG mechanics exist to give structure and consistency to the game world, true, but at the end of the day, you’re fighting dragons with algebra and random number generators.

Xenon

  • *
  • Prime Runner
  • *****
  • Posts: 6263
« Reply #2 on: <05-14-21/0341:03> »
It looks like there are often four ways to ....
There seem to be at least four more ways to get access through a locked door:
5) Con, Command, Intimidate or magically Control a legit user to let you in (or figure out the legit keycode, steal a legit keycard or cut off the finger, hand or head of a legit user etc)
6) Have the troll muscle in your team pry up the door up using superhuman strength + a crowbar.
7) Let your agile escape artist bypass the locked door by crawling through various air vents and service tunnels
8) Unleash the team's explosive expert and have her make her own doorways (combat spells, rocket launchers and Axes are also good alternatives).


Fake it out.  Get a copied keycard, use a retinal duplicator, voice modulator, cellular glove molder, etc.  The fake usually comes with a rating, which is used in an opposed test between the security device and the defeat device; it doesn't seem like your skill matters except in limited circumstances (disguise to fool a face scanner)
This used to be opposed tests in previous edition, but actually not clear if you always take an opposed test when using a copy of a legit thing here in this edition to be honest....

Take key card for example. To copy a keycard you first need to physically obtain a legit kecard long enough for you to copy it (it just take a few seconds). This typically involve some sort of palming test to first borrow it and then another palming test to place it back without getting noticed. Then you manufacture a copy of the card. This is resolved as an Electronics + Logic (2, 10 minutes) test. Once you have a copy of the legit card there doesn't seem to be a test when you later use it to trick the card reader.

If the door is locked with a voice activated passphrase then you can beat it by recording the phrase from a legit user and the play it back (which might involve a rather elaborate Con in order to trick the legit user into saying all the words in the pass phrase without suspecting anything so you later can edit it into a complete sentence, check the excellent movie 'Sneakers' for an example of this). Once you have an edited recording of a legit user reciting the full passphrase in the correct order there doesn't seem to be a test when you later replay the legit users voice to trick the voice scanner.


The hardware for faking out scanners looks cool, but doesn't seem very reliable
The idea is that you typically use your Matrix Specialist or your Face when dealing with security devices.
Hardware for faking is mostly just an alternative for characters that didn't invest into Engineering, Cracking or Con.


vs. 9 for the security device
Residential security devices, for example, typically have a rating of 2, not 9.

Devices
Most relevant devices are given a device rating in their description, but if not provided then use the following table as a general guideline as to what rating to use.
Device typeRating  Examples
Simple1General appliances, public terminals, entertainment systems
Average2Personal electronics, basic cyberware, weapons, residential security devices, basic vehicles
Smart3Security vehicles, alphaware, corporate security devices
Advanced4High-end devices, betaware, military vehicles and security devices
Cutting Edge5Deltaware, credsticks, black-ops vehicles and security devices
Bleeding Edge  6+Billion-nuyen experimental devices, space craft
« Last Edit: <05-14-21/0353:12> by Xenon »

ammulder

  • *
  • Newb
  • *
  • Posts: 72
« Reply #3 on: <05-14-21/0701:14> »
Thanks for the great post; I'm just cropping out the part I want to reply to specifically.

This used to be opposed tests in previous edition, but actually not clear if you always take an opposed test when using a copy of a legit thing here in this edition to be honest....

Take key card for example. To copy a keycard you first need to physically obtain a legit kecard long enough for you to copy it (it just take a few seconds). This typically involve some sort of palming test to first borrow it and then another palming test to place it back without getting noticed. Then you manufacture a copy of the card. This is resolved as an Electronics + Logic (2, 10 minutes) test. Once you have a copy of the legit card there doesn't seem to be a test when you later use it to trick the card reader.

If the door is locked with a voice activated passphrase then you can beat it by recording the phrase from a legit user and the play it back (which might involve a rather elaborate Con in order to trick the legit user into saying all the words in the pass phrase without suspecting anything so you later can edit it into a complete sentence, check the excellent movie 'Sneakers' for an example of this). Once you have an edited recording of a legit user reciting the full passphrase in the correct order there doesn't seem to be a test when you later replay the legit users voice to trick the voice scanner.

The thing is, Retinal Duplication and the Voice Modulator are really nifty devices.  You really feel like a B&E specialist if you invest in those.  But if what you say about no tests for legit fakes is true, these devices shouldn't have ratings.  It should be enough that you have the device and the source material (retinal scan or sufficient voice recordings) and then you're in.

Retinal Duplication specifically says "Make an Opposed test between the retinal duplication rating and the retinal scanner rating," however.  Voice Modulator doesn't say either way -- the only thing about the rating is that its rating adds to Con tests.  The Keycard copier says the fakes it makes just work.  So we're all over the place, here.  :)

I guess I don't really love that Retinal Duplication has a rating... With only a 1/3 chance of fooling the very most basic scanner, the Rating 1 is for all practical purposes useless, and Rating 2 isn't much better.  The intent seems to encourage you to dump as much money into it as you can, but approaching the cost of Wired Reflexes 2 seems way too steep for this much more niche devices.  I'd rather it be like $20-50K and if anything make the test be on securing/transferring the retinal scan not on fooling the scanner (as the Keycard Copier works).

Xenon

  • *
  • Prime Runner
  • *****
  • Posts: 6263
« Reply #4 on: <05-14-21/0758:41> »
To defeat a keypad you need to know the code, hack it or open up the case. Once the case you can either rewire (strange that they decided to keep the convulted way of picking a lock when they went to SR6, they should have just replaced all them extended tests with one single test if you ask me) it or use a sequencer. It seem to be clear that the sequencer is still resolved with an opposed test.


To defeat a keycard reader you need a legit card, a skeleton key, a copy of a legit card, hack it open or open up the case to rewire the circuits. If you use a skeleton key then you don't need to break open the case and it seem clear that it is resolved with an opposed test. Keycard Copier used to have a rating in previous edition and it used to be an opposed test against the sensor. This seem to have been deliberately changed for this edition (the way I described it above). I wonder if this was the intent for most of the security devices actually...


When it comes to palm- or finger prints, cellular glove molder used to explicitly state that it was resolved as an opposed test in SR5. In SR6 it doesn't. But unlike the Keycard Copier it still have ratings like in previous edition.... Perhaps the intent is the same here and that it should actually have no specific rating just like the keycard copier (and the difficulty would be more when trying to gain access to a legit print in the first place). Or perhaps the intent is that you still make an opposed test :-)


As for retinal scanners, Retinal Duplication seem to be clear that you take an opposed test (perhaps because it's hard to make an exact duplicate of someone else's retinal). If this is also the intent I don't know (the text seem to be copied word by word from SR5 including rating and cost per rating - the only change seem to be the page reference and the last sentence about storing being linked to the rating of the augmentation). Perhaps the intent was that you would automatically fool a retinal scanner as long as you fully loaded your retinal duplication augmentation with the correct user's retinal records and that the rating would instead act as a limiting factor on how many different retinals you can store (but this is not what the text seem to suggest). You also need to record the legit retinal somehow. Cybereyes comes with built-in camera so perhaps this could involve a seduction based Con of sorts where you stare deep into the eyes of your mark :-)


Facial recognition was said to be "one of the least intrusive, but also least accurate, biometric recognition systems" and that you beat them with Prosthetic makeup and biosculpting and then take an opposed Disguise(SR5) or Con(SR6) + Intuition(SR5) or Charisma(SR6) test vs the Device Rating.


Voice recognition used to be resolved with a Record/Playback Device Rating vs Voice Recognition Device Rating test in SR5 but no mentioning about this in SR6 (perhaps you in SR6 will automatically be successful as long as you are reciting the correct passphrase with the correct voice?). In addition to this Voice Modulator augmentation also act as a positive dice pool modifier on voice based Impersonation(SR5) or Con(SR6) tests.


Breath, cellular, and DNA scanners require an actual sample from a legit user. The sample also need to be treated with an enzyme bath that is resolved with a Chemistry(SR5) or Biotech(SR6) + Logic (5, 1 Hour) extended test to manufacture. But that there doesn't seem to be a test when using it against the sensor (in neither edition).
« Last Edit: <05-14-21/0801:34> by Xenon »