hematic, adj.
relating to or affecting the blood.
Blood captures the imagination. Weapons of blood are popular in culture throughout the ages, from mythology to modern vids and vidgames. And the rise in knowledge of bloodborne diseases (such as hemorrhagic fevers like Ebola, or HIV) in the 20th century has crystallized a human paranoia of blood. The sight of blood can be shocking, even for immortals. And of course, technology can improve the "weaponization" of blood, with medichines and nanophages improving our natural defensive capabilities, or things like Defiler exhumans with their highly acidic blood. But blood and other bodily fluids are also a vector for the Exsurgent Virus. Exposure to the blood of an exsurgent biological strain can lead to contagion. Many transhumans are conceited in their security against potential hazards, but the horrors of the Fall have made people understand certain "TITAN made" super pathogens are still a hazard. In Firewalls SOP threads on the Eye, people weaponizing exsurgent blood is called "Hematic Weapons".
Most Exsurgents are not stable enough to actually think to use their blood, or other infectious matter, in a more technical and sophisticated way. If they are driven to spread the infection, they do so usually directly, such as through physical contact or other specific infection vectors. They aren't afraid to spill a little blood (if they have any at that stage), and might do so for big gains (such as tainting air, food or water), but subtleties and technical refinement tends not to be how the infected work. The contagious period will also eventually cease in the body, though if extracted the bio-nanos will remain virulent for days or weeks. They have specific forms and purposes, and AOK hacks tend to make one aim higher, but not always. Most often you see these weapons in the hands of TITAN puppets and sleepers, those who are not themselves infectious but already on the side of the TITANs, in the hands of various Singularity Seeker or Brinker cultists who have their own twisted agenda, or occasionally by criminal elements who don't know any better, such as rendering down exsurgents for parts and finding the infectious blood useful for their purposes.
The uses are many formed, but fairly obvious; since exovirus pathogens are applicable dermally, inhaled, injected or orally. The simplest is large samples of contagious blood in a sprayer, which is basically a squirtgun. This can be done with any infected blood, not even exsurgent, and some see it as a prank or a protest (and others, bioterrorism). More serious efforts will actually load the blood into capsule or splash rounds to strike a target, hopefully incapacitating them then infecting. With range and suppressors, this can even be quite subtle as to the exact nature of the shot, some may not notice the infectious component until it is too late. Some might even go a more extreme route, loading weapons with infectious bone marrow or other substances. For area effect though, aerosolized blood in a gas grenade or seeker is a good way to go spreading it to cover surfaces or be inhaled, the bloody mist being a powerful visual image. One might also spike melee weapons, such as the wasp knife, but considering the close contact this is often excessive when dealing with infectious material.
Firewall and other X-risk agencies always try to keep contagion in mind when dealing with the ex-virus. While the hematic tactic is not widespread, it is still a serious risk along with other more traditional methods, and one which could potentially be exploited by parties other than the TITANs themselves - something Firewall is always wary of. To counteract, an immunogenic coating is usually enough to forestall an infection, even an exsurgent one, especially if it has been outside of it's host for an extended period. Preventative nanoswarms can also break down the bio-nanos and render them inert, such as in the case of a spill. Other than that, simple physics works, exposure to potent acids or alkalis, or extreme heat will neutralize the effect. Always consider carrying some bleach if you think you'll encounter such things.
(Here's another Death Stranding twist. In the game, it's the players blood which is useful against the unknowable horrors, but in another context, using "special blood" as a weapon can be quite intimidating. A good way to freak out players who may already be paranoid about infectious material)
H-Rep
An Eclipse Phase homebrew blog
Sunday, November 24, 2019
Tuesday, November 19, 2019
ZS
Sedatives can serve several purposes. Anxiolytics reduce anxiety, tranquilizers are synonymous with antipsychotics, and soporifics or hypnotics promote sleep or unconsciousness. A calming and sleeping drug might be called "hypnotic-soporific". They have a variety of uses in the transhuman future, even with basic biomods improving the sleep cycle. They can be used to treat anxiety and insomnia which can still occur, or to create a sedated state for trauma surgery (though more specialized anesthesia are usually used). They are also used as a "chemical cosh", to "club" patients with hyperactivity or other mental disorders to make them manageable. In the espionage game, sleeping pills or gas can also be a useful alternative to wetwork. While killing someone these days is akin to putting them down for a short nap, violence risks a certain amount of "noise" and mess, and some groups will be more likely to retaliate based on the cost incurred (replacing a body) - on the other hand, sleep can be just as effective as a lethal poison, and might even be passed off as natural without a tox screen. The most common application of sedatives is ZS.
ZS: A common sedative-hypnotic drug which is typically used to treat sleep disorders (such as insomnia). It is formulated to work on most earthly biology, but some xenofauna or GMOs might be resistant to it. After onset time, the target makes a SOM check. If they fail, they fall Unconscious into a sleep which will last the duration unless interrupted (with normal modifiers), and gain the benefit of a long recharge. If they pass, they are impaired (-20) until the drug gets out of their system, being fatigued and lethargic. They also take a -10 to COG checks to remember events while under the effects of ZS. ZS can be countered by applying an appropriate stimulant (like creating an antidote), but mixing medication is to be warned against. [Minor]
ZS and derivative compounds are sold in multiple forms, for multiple applications. Most common is pills which are proscribed or self-administered for the aforementioned sleep disorders. It also comes in syrup form for those who prefer it that way. When using it as a chemical control, it can be directly injected or dispersed as a gas. "Does this rag smell like ZS to you?" is a running gag in many vid series. ZS can be habit forming, and long term abuse can lead to unnatural sleep cycles and persistent fugue states, which are hazardous. Major manufacturers warn against operating vehicles or heavy machinery for several hours after taking a dose of ZS.
ZS: A common sedative-hypnotic drug which is typically used to treat sleep disorders (such as insomnia). It is formulated to work on most earthly biology, but some xenofauna or GMOs might be resistant to it. After onset time, the target makes a SOM check. If they fail, they fall Unconscious into a sleep which will last the duration unless interrupted (with normal modifiers), and gain the benefit of a long recharge. If they pass, they are impaired (-20) until the drug gets out of their system, being fatigued and lethargic. They also take a -10 to COG checks to remember events while under the effects of ZS. ZS can be countered by applying an appropriate stimulant (like creating an antidote), but mixing medication is to be warned against. [Minor]
ZS and derivative compounds are sold in multiple forms, for multiple applications. Most common is pills which are proscribed or self-administered for the aforementioned sleep disorders. It also comes in syrup form for those who prefer it that way. When using it as a chemical control, it can be directly injected or dispersed as a gas. "Does this rag smell like ZS to you?" is a running gag in many vid series. ZS can be habit forming, and long term abuse can lead to unnatural sleep cycles and persistent fugue states, which are hazardous. Major manufacturers warn against operating vehicles or heavy machinery for several hours after taking a dose of ZS.
Drugs | Type | Application | Duration | Addiction Mod/Type | Complexity |
---|---|---|---|---|---|
ZS | Biochem | Inh, Inj, O | 8 hours | -20/Mental | Minor |
(nb: caught an error with my html table, the duration should be 8 hours)
Monday, November 18, 2019
BloodFire
There are a variety of toxins and harmful chemicals out there for a "discerning" customer. Nerve agents and potent neurotoxins can kill a morph quickly, while other drugs incapacitate physically or emotionally. Flight and Twitch have their uses, but can be a bit volatile. Nanotoxins also function as "smart" poisons, a more reliable way of mechanically interacting with cells to kill or inflame them which is more reliable than biological methods, but are more expensive and regulated. Some "chemists" have a method which works more simply than these, but it less reliable because it interacts with biological system.
BloodFire: This low-strength neurotoxin is a synthetic blend of several natural creature venoms, it is designed to inflict pain and incapacitation, not serious injury. Some enforcers who don't care much for manners or laws use it as a way to usually "non-lethally" capture someone, or it can be used by them for interrogation and torture. The poison spreads from the contact with an uncomfortable burning or stinging sensation which spreads throughout the body, causing severe discomfort, possibly incapacitating. When dosed with BloodFire, suffer 1d6 DV (halve this with Medichines) and must make a WIL check. If you succeed, you are Impaired (-20) for the duration and mostly functional. If you fail, you are Incapacitated for the duration instead, and depending on the situation may take Stress from helplessness. A character with Pain Tolerance (Level 1) gets a +30 on this check, and the impairment penalty is -10. A character with Pain Tolerance (Level 2) does not need to make the check. BloodFire may cause an allergic reaction or other complications on those with certain genetic defects, which could lead to more severe harm or even death. [Minor] (R)
Because of it's natural composition and direct nature, BloodFire is cheaper and sometimes more common (especially among criminal outfits) than something more complex like Neuropath (p. 335). It's usually applied via splash or capsule rounds in a fight, but can be directly injected or ingested in another scenario. Because the incapacitation is not guaranteed, more serious outfits may skip it, but for those working fast it's a lot quicker and cheaper to acquire, if you know the right people or chemical formulae.
BloodFire: This low-strength neurotoxin is a synthetic blend of several natural creature venoms, it is designed to inflict pain and incapacitation, not serious injury. Some enforcers who don't care much for manners or laws use it as a way to usually "non-lethally" capture someone, or it can be used by them for interrogation and torture. The poison spreads from the contact with an uncomfortable burning or stinging sensation which spreads throughout the body, causing severe discomfort, possibly incapacitating. When dosed with BloodFire, suffer 1d6 DV (halve this with Medichines) and must make a WIL check. If you succeed, you are Impaired (-20) for the duration and mostly functional. If you fail, you are Incapacitated for the duration instead, and depending on the situation may take Stress from helplessness. A character with Pain Tolerance (Level 1) gets a +30 on this check, and the impairment penalty is -10. A character with Pain Tolerance (Level 2) does not need to make the check. BloodFire may cause an allergic reaction or other complications on those with certain genetic defects, which could lead to more severe harm or even death. [Minor] (R)
Because of it's natural composition and direct nature, BloodFire is cheaper and sometimes more common (especially among criminal outfits) than something more complex like Neuropath (p. 335). It's usually applied via splash or capsule rounds in a fight, but can be directly injected or ingested in another scenario. Because the incapacitation is not guaranteed, more serious outfits may skip it, but for those working fast it's a lot quicker and cheaper to acquire, if you know the right people or chemical formulae.
Toxins | Type | Application | Duration |
---|---|---|---|
BloodFire | Biochem | D, Inj, O | 1 hour |
Saturday, November 16, 2019
2E Drugs Conversion
So here's another fun one, updating several of my old drugs, toxins or chemicals to 2E rules. The use of enforced behavior can make a few of these more interesting than before. First a short description (and link to original work), then a table below for all the facts. I may or may not port over some of the others, but I think these are the most interesting. Listed complexity is for 5 doses.
DCV: A relaxant which assuages feelings of guilt, and keeps the body calm and relaxed, so one can perform deception better. Useful also for acting. It won't overcome a dedicated truth-detecting method, but makes lies easier. +10 to Deceive checks and gain Reduced Behavior: Guilt (2) for the duration. Usually comes as a vapor rub. [Minor] (R)
DisInfect: An inhaled stimulant for the immune system, sold as a health supplement in many locales. It makes the body more resistant to toxins and physical pathogens (such as designer diseases and super virii), and stimulates a slight uplifting or energized feeling. +20 on SOM checks to resist toxins, chemicals, drugs and pathogens for the duration, and +10 on SOM checks to resist biological exsurgent infection. No effect on nanodrugs or nanotoxins. Comes in the form of inhalers. [Moderate]
Oxford: Study drug. Stimulates the center of the brain related to memory and learning centers. Helps people recall facts and build knowledge easier. +20 to COG check to remember things learned on Oxford, and gain Enhanced Behavior: Studious (2) for the duration. If used during a downtime week, you may spend an additional RP to improve skills that week, but it can only be on Know skills. Comes in pills or powder form. [Minor]
Rainy Day: Short term depressant, a recreational drug. Creates a brief stint of depressed mood, but clouds memories, while giving a certain amount of inspiration to the user, may even be mildly hallucinogenic. Used sometimes by artists to create a certain ephemeral genre. +5 on INT checks, but -30 to checks to remember events while under the effects. Gain Restricted Behavior: Happy (2) for the duration. Sold in the form of tablets or cigarettes. [Moderate] (R)
ShutIn: A nanodrug which directly stimulates the brain to create a sense of introversion, isolation and inner focus, used sometimes to aid in work or just to alter the mind state. It makes the user more observant, more focused and attentive, but antisocial and risk averse. +10 to Perceive checks and COG checks for memory for the duration, but -10 to WIL checks to resist pain or fear, and gain the traits Enhanced Behavior: Introverted and Mental Disorder: Agoraphobia for the duration. [Minor]
DCV: A relaxant which assuages feelings of guilt, and keeps the body calm and relaxed, so one can perform deception better. Useful also for acting. It won't overcome a dedicated truth-detecting method, but makes lies easier. +10 to Deceive checks and gain Reduced Behavior: Guilt (2) for the duration. Usually comes as a vapor rub. [Minor] (R)
DisInfect: An inhaled stimulant for the immune system, sold as a health supplement in many locales. It makes the body more resistant to toxins and physical pathogens (such as designer diseases and super virii), and stimulates a slight uplifting or energized feeling. +20 on SOM checks to resist toxins, chemicals, drugs and pathogens for the duration, and +10 on SOM checks to resist biological exsurgent infection. No effect on nanodrugs or nanotoxins. Comes in the form of inhalers. [Moderate]
Oxford: Study drug. Stimulates the center of the brain related to memory and learning centers. Helps people recall facts and build knowledge easier. +20 to COG check to remember things learned on Oxford, and gain Enhanced Behavior: Studious (2) for the duration. If used during a downtime week, you may spend an additional RP to improve skills that week, but it can only be on Know skills. Comes in pills or powder form. [Minor]
Rainy Day: Short term depressant, a recreational drug. Creates a brief stint of depressed mood, but clouds memories, while giving a certain amount of inspiration to the user, may even be mildly hallucinogenic. Used sometimes by artists to create a certain ephemeral genre. +5 on INT checks, but -30 to checks to remember events while under the effects. Gain Restricted Behavior: Happy (2) for the duration. Sold in the form of tablets or cigarettes. [Moderate] (R)
ShutIn: A nanodrug which directly stimulates the brain to create a sense of introversion, isolation and inner focus, used sometimes to aid in work or just to alter the mind state. It makes the user more observant, more focused and attentive, but antisocial and risk averse. +10 to Perceive checks and COG checks for memory for the duration, but -10 to WIL checks to resist pain or fear, and gain the traits Enhanced Behavior: Introverted and Mental Disorder: Agoraphobia for the duration. [Minor]
Drugs | Type | Application | Duration | Addiction/Type | Complexity |
---|---|---|---|---|---|
DCV | Biochem | D, Inh | 8 hours | - | Minor (R) |
DisInfect | Biochem | Inh | 3 hours | -10/Physical | Moderate |
Oxford | Biochem | Inh, O | 1 day | -10/Physical | Minor |
Rainy Day | Biochem | Inh, O | 1 hour | -/Physical | Moderate (R) |
ShutIn | Nano | Inj, O | 1 hour | +10/Physical | Minor |
Friday, November 15, 2019
Bola Gun
While "lethality" is an interesting subject with backups and resleeving, some physical bodies are not safe to destroy. One might need to capture a morph, a bot or a creature alive and relatively unharmed, so they can be detained or physically moved. And, if a kill is needed, it's much easier on an immobilized target. In the era of easy 3D modeling and assembly, engineers have developed a weapon based on a primitive concept which is useful in this futuristic setting.
Bola Gun: A favorite among (Ego) Hunters, the bola gun is based on the ancient hunting weapon of South America. Using an almost slingshot or catapult style design, the bola gun fires a pair of weighted balls connected by a smart material chord which extend to their full length counterweighted, and when they hit a target they then wrap them up, binding their limbs tightly. The weights are magnetized or have grip material in them, so they bind to each other or other surfaces to further the snare. Each bola has an RFID tag so it can be located, and has an option to Shock a target who is bound, similar to a Cuffband. If it is not destroyed, a bola can be recovered and shot again. The bolas are particularly hard to remove, they give a flat -20 to the SOM check to escape them, or must be cut by dealing 20 DV to the line. The primary weakness of the weapon is it's low rate of fire, and the fact that the bola cannot deploy at extremely close range. Bola Gun uses the Guns skill. Entangling, Knockdown, No Point-Blank, Two-Handed.
2d6 DV SS Ammo 1 Range 35 [Minor]
(You should all play Death Stranding, it's a great game and actually has some interesting themes which can carry over to EP)
Bola Gun: A favorite among (Ego) Hunters, the bola gun is based on the ancient hunting weapon of South America. Using an almost slingshot or catapult style design, the bola gun fires a pair of weighted balls connected by a smart material chord which extend to their full length counterweighted, and when they hit a target they then wrap them up, binding their limbs tightly. The weights are magnetized or have grip material in them, so they bind to each other or other surfaces to further the snare. Each bola has an RFID tag so it can be located, and has an option to Shock a target who is bound, similar to a Cuffband. If it is not destroyed, a bola can be recovered and shot again. The bolas are particularly hard to remove, they give a flat -20 to the SOM check to escape them, or must be cut by dealing 20 DV to the line. The primary weakness of the weapon is it's low rate of fire, and the fact that the bola cannot deploy at extremely close range. Bola Gun uses the Guns skill. Entangling, Knockdown, No Point-Blank, Two-Handed.
2d6 DV SS Ammo 1 Range 35 [Minor]
(You should all play Death Stranding, it's a great game and actually has some interesting themes which can carry over to EP)
Thursday, November 14, 2019
Mesh Combat Software v2
I had a lot of fun with the last one, and so I have a few more ideas to trot out on this subject. A lot of these concepts can be used simply as plothooks, but can also be interesting mechanical tools to aid or challenge players.
D2NA: One of the most basic malware out there, D2NA (Digital DNA) is a basic program which has one instruction, self-replicate. When activated, it generates copies of itself as rapidly as possible, filling up free storage on the device and taking up processing cycles. The name comes from both its self-replicating nature, and the tendency to use incredibly complex data, such as DNA sequences, complex mathematical formulas or large number sequences to eat up data. If not caught, it will fill up spare storage on a device in a matter of days or hours, making it overloaded. Most trained system defenders or firewall tools will catch a spread of D2NA, especially during a security audit, but a skilled hacker can covertly install it or conceal its nature until it's done it's job. Because servers have so much storage space that it takes too long to fill up, D2NA attacks are usually used to gum up sensor motes, bots and the gear of specific computer users rather than large systems. [Minor] (R)
Fog of War: Also called "Static Wall", "Blue Screen" or "Blizzard" this software tool is adapted from actual forms of e-war defense used in the Fall. It is typically run to protect certain devices which have active administrators who are directly in control of a system, and takes the form of a new countermeasure when activated. The simplest is that Fog of War degrades the quality of connection and access for normal users. It throttles connections, spams additional UI features, AR mist or other sensory distractions and in general makes things harder to navigate. Admin accounts or other select system occupants (often certain Infomorphs or ALIs using the server) are protected from this, and can work as normal. This will slow down intruders and make it harder for them to accomplish their goals, but is also a real hassle for normal users so tends to be reserved for personal use or on highly secured servers. For normal users, they act as if they are on an overloaded device, taking a -10 penalty to all meshed actions on the device (and possibly higher if the Fog of War is particularly good) - and if this device includes an AR overlay they take the Distraction penalty as well. However, the Firewall, admin accounts and other select users suffer no penalty, able to function as normal while the enemy is bogged down. [Moderate]
Grond: Grond and its many knock offs and clones are a down-and-dirty software designed to break into systems quick. It uses optimizing algorithms to smartly pick the proper exploits for a system, rather than running straight down the list, and can even multi-task to try multiple attack angles where possible. It's "siege algorithms" continue to work even after the initial intrusion, constantly trying to preempt countermeasures and predict standard software protocols. However, Grond is anything but subtle, and thus many hackers eschew the tool. It grants a +10 on Brute-Force Hacking (taking it to a -20 penalty) and on InfoSec checks while there is an active alert (removing the penalty). [Moderate] (R)
Honey Trap: Honey Traps and their many variants are common on corporate servers to discourage or counteract espionage. Most professional hackers use proxy services and stealthed signals, and so even if one is aware of them tracking them is difficult. To do this, the Honey Trap is made - it looks like an attractive piece of data, such as crypto, blueprints, personal data, etc. However, when downloaded or opened by a hacker, it reveals itself to be a trap - if still on it's home device it will usually automatically trigger an active alert, and if it has been copied elsewhere, it has a protocol to immediately "phone home" via the Mesh with the Mesh ID of device it is currently on and positioning data unless the hacker acts fast. Nastier versions of this are known as "data mines" or "wasp nests" and instead of tracking they will "detonate" when opened, revealing malware, corrupt data or overwhelming signal traffic, dealing 2d10 DV to the offending Infomorph, ALI or Account Shell. A skilled Hacker can detect if a program is trapped with InfoSec, but only if they care to look. [Minor+] (R)
Icewall: Normal firewall software uses a neural net filter to smartly detect potential intrusions or unusual activity, a constant crucible which puts pressure on any hacker who is operating through it. The Icewall takes a different tactic, it is a single, rigid defense. A hardened structure constantly patching itself against exploits, usually with stricter than normal authentication methods. Icewalls are very firm against Brute-Force hacks, as they have very few vulnerabilities and tend to rapidly patch them, applying a further -10 (total -40 modifier). They are also hard to attack directly, having 10 AV in Mesh Combat. However, because of their front-loaded defense, they are vulnerable to spoofing, and their passive threat detection once an intruder is inside may be weaker than normal. [Minor]
KeyChain: This software comes by many names (Skeleton Key, Key Ring, MasterKey, Pick Lock, etc), and is a fairly common hacking tool, though often not a reliable one. Normally, to Spoof, one must first sniff data transmissions, or forge an authentication by copying the original somehow. KeyChain is a type of software which skips that step, instead it brute-forces a spoofed authentication by studying the authentication, then rapidly making attempts to enter it via a brute-force attack. This functions as a normal spoof attack, but doesn't require sniffing, and imposes a -30 penalty on the hacking test, as it is highly likely the attempt will be flagged by the Firewall as suspicious. KeyChain cannot defeat some forms of authentication, and systems with particularly complex authentication (like very long passcodes) might take more time than a complex action. [Minor] (R)
Logic Gate: Logic Gates are an unusual form of authentication which resembles a passkey, but requires one not just know (or have stored) their passcode, or possess a specific key, biometric, Ego or device, but to actively solve a puzzle. These can come in the form of Captcha, or riddles, visual puzzles or even complex subjective ethics questions which an administrator will assess. Because of this, spoofing a Logic Gate is not possible, and most of them have a complex library of questions to ask, so simply listening in to a correct answer won't work either. You either can solve it, or not. Clearing a Logic Gate requires a COG test, which might be opposed if it is an assessment test. Failure causes a passive alert as normal. Because there is no "convenient" way to pass them, Logic Gates are incredibly unpopular for systems which are heavily trafficked, but are often used by personal eccentries, or to guard specific devices, storage spaces and tiers in networks by limiting who can access. Guanxi operators often us a Logic Gate variance which offers "tests of loyalty" to check a user's bona fides, and some servers who wish to prevent ALI access will use them. They can also be used as an active form of authentication, giving a specific user a test and kicking them out if they fail. [Minor]
Plumber: Networking has sometimes been referred to as a series of pipes or tubes. And who better to check on your pipes than a plumber? Plumber is a form of software used by both hackers and system defenders - originally intended as a simple script to check network health, a few iterations and it is a sophisticated tracking system. A Firewall can normally re-authenticate or terminate connections if threatened, and a security account can trace specific users, but sometimes you want to do a lot of tracing all at once, and not let anybody know you're doing it. Fire up Plumber and let it run. In the normal timeframe of a re-authentication, it will instead actively run a trace on all accounts on the system, attempting to ping their connection and trace them to a Mesh ID or other tag, and note and report all discrepancies to the system defender (such as proxy services, user accounts in privacy mode, duplicate accounts and other unusual transmissions). This is useful for an admin to trace all suspicious connections and flag them to lock them out or otherwise catch them, though obviously it rarely beats efforts to prevent tracing a hacker. Intruders on the other hand, will often use Plumber to trace all users on a network for further traffic analysis, or figure out where the next device or node in a network or tier is. [Minor]
Poison Pill: Another one of the classic malware tricks, a poison pill looks like good software, but it is actually bad. It can be seen as kind of a reverse honey trap. Firewalls actively monitor for unusual activity, so a hacker can try and cloak their work by making it seem like normal data. Most poison pills will fail against a dedicated scan of their code (an InfoSec test), but for purposes of passive defenses, can be safely uploaded or copies to most devices. Depending on what exactly is in the poison pill, it can do multiple things. Most when opened will dry and directly crash the OS (including possibly the Cyberbrain of a morph) of the system it is stored on with viral or corrupt data, but can also be used to damage infomoprhs or account shells which handle the data. When opened it deals 2d10 DV to the appropriate software. [Minor] (R)
Remora: Sometimes, you don't want to crash software, delete data, or even read secret files - you want to see where that data goes. Enter Remora, a common style of spyware script which attaches itself to a file and then is designed to log where that file goes. Installed with a Program test as a complex action, Remora embeds itself in the data and then covertly logs whenever that file is accessed, modified, copied or moved. If a the data is duplicated, the Remora is duplicated with it. What it does with the log depends on how the specific Remora is configured, some will simply "phone home", using an encrypted communication to upload the log to the hacker or a secure cloud storage they can access later - but this is risky if intercepted. More commonly, after a period of time, Remora will disconnect itself and through normal network processes "swim" home, connecting through public networks to find it's home device. This means that if a file with Remora attached ever makes it to an air-gapped network, however, it's useless unless the hacker can hook back up with it. [Minor] (R)
D2NA: One of the most basic malware out there, D2NA (Digital DNA) is a basic program which has one instruction, self-replicate. When activated, it generates copies of itself as rapidly as possible, filling up free storage on the device and taking up processing cycles. The name comes from both its self-replicating nature, and the tendency to use incredibly complex data, such as DNA sequences, complex mathematical formulas or large number sequences to eat up data. If not caught, it will fill up spare storage on a device in a matter of days or hours, making it overloaded. Most trained system defenders or firewall tools will catch a spread of D2NA, especially during a security audit, but a skilled hacker can covertly install it or conceal its nature until it's done it's job. Because servers have so much storage space that it takes too long to fill up, D2NA attacks are usually used to gum up sensor motes, bots and the gear of specific computer users rather than large systems. [Minor] (R)
Fog of War: Also called "Static Wall", "Blue Screen" or "Blizzard" this software tool is adapted from actual forms of e-war defense used in the Fall. It is typically run to protect certain devices which have active administrators who are directly in control of a system, and takes the form of a new countermeasure when activated. The simplest is that Fog of War degrades the quality of connection and access for normal users. It throttles connections, spams additional UI features, AR mist or other sensory distractions and in general makes things harder to navigate. Admin accounts or other select system occupants (often certain Infomorphs or ALIs using the server) are protected from this, and can work as normal. This will slow down intruders and make it harder for them to accomplish their goals, but is also a real hassle for normal users so tends to be reserved for personal use or on highly secured servers. For normal users, they act as if they are on an overloaded device, taking a -10 penalty to all meshed actions on the device (and possibly higher if the Fog of War is particularly good) - and if this device includes an AR overlay they take the Distraction penalty as well. However, the Firewall, admin accounts and other select users suffer no penalty, able to function as normal while the enemy is bogged down. [Moderate]
Grond: Grond and its many knock offs and clones are a down-and-dirty software designed to break into systems quick. It uses optimizing algorithms to smartly pick the proper exploits for a system, rather than running straight down the list, and can even multi-task to try multiple attack angles where possible. It's "siege algorithms" continue to work even after the initial intrusion, constantly trying to preempt countermeasures and predict standard software protocols. However, Grond is anything but subtle, and thus many hackers eschew the tool. It grants a +10 on Brute-Force Hacking (taking it to a -20 penalty) and on InfoSec checks while there is an active alert (removing the penalty). [Moderate] (R)
Honey Trap: Honey Traps and their many variants are common on corporate servers to discourage or counteract espionage. Most professional hackers use proxy services and stealthed signals, and so even if one is aware of them tracking them is difficult. To do this, the Honey Trap is made - it looks like an attractive piece of data, such as crypto, blueprints, personal data, etc. However, when downloaded or opened by a hacker, it reveals itself to be a trap - if still on it's home device it will usually automatically trigger an active alert, and if it has been copied elsewhere, it has a protocol to immediately "phone home" via the Mesh with the Mesh ID of device it is currently on and positioning data unless the hacker acts fast. Nastier versions of this are known as "data mines" or "wasp nests" and instead of tracking they will "detonate" when opened, revealing malware, corrupt data or overwhelming signal traffic, dealing 2d10 DV to the offending Infomorph, ALI or Account Shell. A skilled Hacker can detect if a program is trapped with InfoSec, but only if they care to look. [Minor+] (R)
Icewall: Normal firewall software uses a neural net filter to smartly detect potential intrusions or unusual activity, a constant crucible which puts pressure on any hacker who is operating through it. The Icewall takes a different tactic, it is a single, rigid defense. A hardened structure constantly patching itself against exploits, usually with stricter than normal authentication methods. Icewalls are very firm against Brute-Force hacks, as they have very few vulnerabilities and tend to rapidly patch them, applying a further -10 (total -40 modifier). They are also hard to attack directly, having 10 AV in Mesh Combat. However, because of their front-loaded defense, they are vulnerable to spoofing, and their passive threat detection once an intruder is inside may be weaker than normal. [Minor]
KeyChain: This software comes by many names (Skeleton Key, Key Ring, MasterKey, Pick Lock, etc), and is a fairly common hacking tool, though often not a reliable one. Normally, to Spoof, one must first sniff data transmissions, or forge an authentication by copying the original somehow. KeyChain is a type of software which skips that step, instead it brute-forces a spoofed authentication by studying the authentication, then rapidly making attempts to enter it via a brute-force attack. This functions as a normal spoof attack, but doesn't require sniffing, and imposes a -30 penalty on the hacking test, as it is highly likely the attempt will be flagged by the Firewall as suspicious. KeyChain cannot defeat some forms of authentication, and systems with particularly complex authentication (like very long passcodes) might take more time than a complex action. [Minor] (R)
Logic Gate: Logic Gates are an unusual form of authentication which resembles a passkey, but requires one not just know (or have stored) their passcode, or possess a specific key, biometric, Ego or device, but to actively solve a puzzle. These can come in the form of Captcha, or riddles, visual puzzles or even complex subjective ethics questions which an administrator will assess. Because of this, spoofing a Logic Gate is not possible, and most of them have a complex library of questions to ask, so simply listening in to a correct answer won't work either. You either can solve it, or not. Clearing a Logic Gate requires a COG test, which might be opposed if it is an assessment test. Failure causes a passive alert as normal. Because there is no "convenient" way to pass them, Logic Gates are incredibly unpopular for systems which are heavily trafficked, but are often used by personal eccentries, or to guard specific devices, storage spaces and tiers in networks by limiting who can access. Guanxi operators often us a Logic Gate variance which offers "tests of loyalty" to check a user's bona fides, and some servers who wish to prevent ALI access will use them. They can also be used as an active form of authentication, giving a specific user a test and kicking them out if they fail. [Minor]
Plumber: Networking has sometimes been referred to as a series of pipes or tubes. And who better to check on your pipes than a plumber? Plumber is a form of software used by both hackers and system defenders - originally intended as a simple script to check network health, a few iterations and it is a sophisticated tracking system. A Firewall can normally re-authenticate or terminate connections if threatened, and a security account can trace specific users, but sometimes you want to do a lot of tracing all at once, and not let anybody know you're doing it. Fire up Plumber and let it run. In the normal timeframe of a re-authentication, it will instead actively run a trace on all accounts on the system, attempting to ping their connection and trace them to a Mesh ID or other tag, and note and report all discrepancies to the system defender (such as proxy services, user accounts in privacy mode, duplicate accounts and other unusual transmissions). This is useful for an admin to trace all suspicious connections and flag them to lock them out or otherwise catch them, though obviously it rarely beats efforts to prevent tracing a hacker. Intruders on the other hand, will often use Plumber to trace all users on a network for further traffic analysis, or figure out where the next device or node in a network or tier is. [Minor]
Poison Pill: Another one of the classic malware tricks, a poison pill looks like good software, but it is actually bad. It can be seen as kind of a reverse honey trap. Firewalls actively monitor for unusual activity, so a hacker can try and cloak their work by making it seem like normal data. Most poison pills will fail against a dedicated scan of their code (an InfoSec test), but for purposes of passive defenses, can be safely uploaded or copies to most devices. Depending on what exactly is in the poison pill, it can do multiple things. Most when opened will dry and directly crash the OS (including possibly the Cyberbrain of a morph) of the system it is stored on with viral or corrupt data, but can also be used to damage infomoprhs or account shells which handle the data. When opened it deals 2d10 DV to the appropriate software. [Minor] (R)
Remora: Sometimes, you don't want to crash software, delete data, or even read secret files - you want to see where that data goes. Enter Remora, a common style of spyware script which attaches itself to a file and then is designed to log where that file goes. Installed with a Program test as a complex action, Remora embeds itself in the data and then covertly logs whenever that file is accessed, modified, copied or moved. If a the data is duplicated, the Remora is duplicated with it. What it does with the log depends on how the specific Remora is configured, some will simply "phone home", using an encrypted communication to upload the log to the hacker or a secure cloud storage they can access later - but this is risky if intercepted. More commonly, after a period of time, Remora will disconnect itself and through normal network processes "swim" home, connecting through public networks to find it's home device. This means that if a file with Remora attached ever makes it to an air-gapped network, however, it's useless unless the hacker can hook back up with it. [Minor] (R)
Tuesday, November 12, 2019
Mesh Combat Programs
(On page 264 it describes mesh combat as an abstraction with "no dueling avatars, no digital maneuvering, no deadly programs", but sadly that's not very fun. Below are a list of some specific software and other special features which can offer some customization and flavor to Mesh Combat, but with the understanding that using these types of things will add layers of complexity to the game and may further slow play, but they can still be entertaining. Use them just as flavor or apply the mechanical concepts as you see fit)
Aegis: A standard software package utilized by governments and security contractors, Aegis is designed to protect software from crashing. Utilizing a filtering system, it's constantly updating database can identify common malware and exploits and automatically block or remove them, as well as intercepting bad data packets. It also has real time crash protection which can check for most obvious software errors and compensate. Aegis adds 5 AV in Mesh Combat to all software on the same device as it. [Minor]
Attack Barrier: Also sometimes called a "lava wall", this form of advanced Firewall has counter-intrusion protocols. Increase the Firewall rating (p. 260) by 10, and if any intruder or attacker fails an opposed test with the Attack Barrier, their relevant software (Account Shell, Infomorph, etc) takes 2d10 DV. If they are physically connected to the system running the Attack Barrier, the device takes 1d6+Shock DV as it overloads them with an electrical surge. [Moderate] (R)
Daemon: Daemons are a sub-ALI script or process which system administrators use to delegate tasks, usually when they have a large system to run. Because they are not intelligent, they are relatively compact files, effectively spare account shells for the device or OS itself. When installed by an administrator, they decide their privilege level. Daemons can undertake certain account actions in place of their masters, either by preprogrammed signals, or by receiving an order from an authorized security/admin user as a Quick Action. They aren't very sophisticated, so anything requiring a roll they perform at a 30, but they can be helpful to pull useful information, trigger alerts or perform additional attacks in large systems while still allowing the active defender to focus on their own tasks. Even if they don't act, a Daemon adds +10 to any tests an active defender of a system makes for teamwork, as they are designed to help. [Minor]
Labyrinth: Labyrinth or a number of related softwares are known as "barrier mazes". These are complex systems which evolve over time, and thus are not allowed in many polities. In addition to normal Firewall functions which block conventional access to those without authorization, they build in deliberate traps and weak-points which an intruder might think are safe to enter, but lead to dead ends. Some versions of Labyrinths can even alter or mask the internal file registries and databases, literally shifting information to confuse and delay attackers so they can be locked in or traced. Using a Labyrinth increases the timeframe of Hacking task actions by 50%, and gives system defenders a +10 on tests to zero-in, trace and crash/lockout an intruder. [Major] (R)
Mad World: Developed by criminal and anarchist hackers, Mad World is a software somewhat akin to a Scorcher designed to crash a wide variety of software at once ("Mad" standing for Mutually Assured Destruction). Once installed and opened, Mad World will try and crash the operating software, and any apps, accounts or informorphs using the device by creating junk files, sending bad data and making an overwhelming number of connections and input options. This will seriously degrade the user experience and eventually crash a system if not disabled or deleted. It deals 1d10 DV to all software per Action Turn, other than itself (this includes the hacker who placed it). In some cases, Mad World or it's variants can even overload hardware, taking up so much processing power and stressing the system, causing physical damage to the hardware device it is hosted on. [Minor] (R)
Muramasa: Named after a legendary Japanese swordsmith, Muramasa (and many copies and variants) is one of the most basic tools a hacker has to disrupt and crash software. Instead of overloading programs with bad data or too many signals, Muramasa "cuts" into software and deletes small snippets of their code, increasing the likelihood of errors, glitches and crashes. Add +1d6 DV to damage you inflict in Mesh Combat. [Minor] (R)
Oculus: One of the scariest software a hacker can meet, but luckily very expensive and restricted. Firewalls already have threat modelling algorithms which learn normal user activity, and will flag suspicious actions and work to locate intruders. Oculus takes this one step further, it not only learns to spot likely signs of an intruder, it learns about specific intruders. Through heuristic programming, Oculus will gather data about the actions of a spotted intruder, or potential intruders and identify their patterns. It gathers passive flags and data cues, even if no official record is made of a hack, and can always apply these later by cross referencing it's database. For every time you complete a hack against a system with an Oculus active, the Firewall and active defender(s) gain a +10 bonus on all opposed tests with you specifically (maximum +60). This persists even if the hacker is anonymized, as it learns based on activity, not IDs, but it can be confused by group hacking or making an effort to alter your normal activity patterns. This bonus is lost if the Oculus is crashed or deleted. [Major] (R)
Partition: Also sometimes called a "great wall", software partitions are used to block out access to certain software by an attacker. This can be either an app which controls access, or be fundamentally built into an operating system. While a Partition is active, one cannot make Mesh Combat attacks (local or remote) on any software which is protected by the Partition. At the GM's discretion, it may also prevent otherwise normal user functions (like using apps or terminating software processes) without Security/Admin access. Operating systems, Cyberbrains and Account shells cannot be protected by a partition. ALI and Informorphs can, but in doing so they are limited by the restrictions of the Partition to software which is not contained within it. Partitions can be circumvented by crashing or disabling them via Hacking, or by faking authentication. [Minor]
Red Dress: Hacking is not all about brute-forcing, cracking, trash & crash or nuking. Many professional hackers prefer to be subtle and not alert the system at all. To this end, some of them use programs like Red Dress - a sub-ALI script which is designed very simply, as a distraction. Activating Red Dress takes a Complex Action, when it is active the app creates a distraction. What this looks like depends on the system being hacked and it's current conditions. Red Dress may attempt to physically distract a sysadmin with a personal message, or a standard request for help, but this doesn't work on a small private system. In most cases, it creates a new fake account which lacks proper authentication, a "fake" intruder which a system or operator will spot and remove, after which security functions are usually reset. This can be used to "take the heat" if a hacker thinks they're about to get spotted or dumped by giving the admins something to catch - but it doesn't always work as the Red Dress' dummy account does nothing to fight back or escape. [Minor] (R)
Shield Wall: An upgraded version of Aegis, this system not only blocks common malware attacks, but actively hunts for them in a system. It can be used to spot corrupted files, viral data and more, and will flag or delete them as necessary. Running Shield Wall in public systems or high traffic is uncommon, but more paranoid users like the additional layer of protection besides their default firewall. Shield Wall assists in Security Audits, scheduling and running them with regularity, and offering a +10 on the Infosec check to perform them as well as halving the timeframe. If there is no system defender to run it, the Shield Wall has an Infosec of 40 (counting it's own +10) to do so. In addition to patching exploits and backdoors, the Shield Wall will locate any lingering corrupt data, malware, spyware and other bad-actor software lingering in the system after an intrusion, so long as it's not too well concealed and fits its filters. Shield Wall also still provides 5 AV to all software on the same device as it. [Major]
Time Bomb: Sometimes, you just want to fire-and-forget. Time Bomb is a form of malware akin to a scorcher which does just that, it produces a single burst of viral data, bad packets or network noise to destabilize a program, then is gone. A hacker (or just an angry user) uploads or copies the software onto the system, then "points" it at a particular piece of software. When it is commanded to run (which can be set to timers, remote triggers and more) it automatically inflicts 3d10+5 DV to that software. Having "fired", Time Bomb is then effectively deleted from the device. A defender aware of a use of Time Bomb can roll a simple success Infosec test to intercept it. Most professional networks know to find lingering Time Bombs in file uploads or delete them in regular security audits, but not always. Computer Forensics can sometimes trace the origin of a Time Bomb. [Minor] (R)
Wrench Wench: Normally, apps cannot repair damage inflicted in Mesh Combat - one has to close and reboot the app to restore normal processes. Wrench Wench helps with this, it uses active system recovery functions to scan all running apps and data files, and attempt to correct glitches, troubleshoot errors and even patch in bad code. Wrench Wench repairs any apps 1d10 DV every minute, just like OS, Infomorphs, accounts and cyberbrains. Additionally, all software on the same device as Wrench Wench ignore the penalties from 1 wound, as it's functions compensate for damage by finding work-arounds. [Moderate]
Aegis: A standard software package utilized by governments and security contractors, Aegis is designed to protect software from crashing. Utilizing a filtering system, it's constantly updating database can identify common malware and exploits and automatically block or remove them, as well as intercepting bad data packets. It also has real time crash protection which can check for most obvious software errors and compensate. Aegis adds 5 AV in Mesh Combat to all software on the same device as it. [Minor]
Attack Barrier: Also sometimes called a "lava wall", this form of advanced Firewall has counter-intrusion protocols. Increase the Firewall rating (p. 260) by 10, and if any intruder or attacker fails an opposed test with the Attack Barrier, their relevant software (Account Shell, Infomorph, etc) takes 2d10 DV. If they are physically connected to the system running the Attack Barrier, the device takes 1d6+Shock DV as it overloads them with an electrical surge. [Moderate] (R)
Daemon: Daemons are a sub-ALI script or process which system administrators use to delegate tasks, usually when they have a large system to run. Because they are not intelligent, they are relatively compact files, effectively spare account shells for the device or OS itself. When installed by an administrator, they decide their privilege level. Daemons can undertake certain account actions in place of their masters, either by preprogrammed signals, or by receiving an order from an authorized security/admin user as a Quick Action. They aren't very sophisticated, so anything requiring a roll they perform at a 30, but they can be helpful to pull useful information, trigger alerts or perform additional attacks in large systems while still allowing the active defender to focus on their own tasks. Even if they don't act, a Daemon adds +10 to any tests an active defender of a system makes for teamwork, as they are designed to help. [Minor]
Labyrinth: Labyrinth or a number of related softwares are known as "barrier mazes". These are complex systems which evolve over time, and thus are not allowed in many polities. In addition to normal Firewall functions which block conventional access to those without authorization, they build in deliberate traps and weak-points which an intruder might think are safe to enter, but lead to dead ends. Some versions of Labyrinths can even alter or mask the internal file registries and databases, literally shifting information to confuse and delay attackers so they can be locked in or traced. Using a Labyrinth increases the timeframe of Hacking task actions by 50%, and gives system defenders a +10 on tests to zero-in, trace and crash/lockout an intruder. [Major] (R)
Mad World: Developed by criminal and anarchist hackers, Mad World is a software somewhat akin to a Scorcher designed to crash a wide variety of software at once ("Mad" standing for Mutually Assured Destruction). Once installed and opened, Mad World will try and crash the operating software, and any apps, accounts or informorphs using the device by creating junk files, sending bad data and making an overwhelming number of connections and input options. This will seriously degrade the user experience and eventually crash a system if not disabled or deleted. It deals 1d10 DV to all software per Action Turn, other than itself (this includes the hacker who placed it). In some cases, Mad World or it's variants can even overload hardware, taking up so much processing power and stressing the system, causing physical damage to the hardware device it is hosted on. [Minor] (R)
Muramasa: Named after a legendary Japanese swordsmith, Muramasa (and many copies and variants) is one of the most basic tools a hacker has to disrupt and crash software. Instead of overloading programs with bad data or too many signals, Muramasa "cuts" into software and deletes small snippets of their code, increasing the likelihood of errors, glitches and crashes. Add +1d6 DV to damage you inflict in Mesh Combat. [Minor] (R)
Oculus: One of the scariest software a hacker can meet, but luckily very expensive and restricted. Firewalls already have threat modelling algorithms which learn normal user activity, and will flag suspicious actions and work to locate intruders. Oculus takes this one step further, it not only learns to spot likely signs of an intruder, it learns about specific intruders. Through heuristic programming, Oculus will gather data about the actions of a spotted intruder, or potential intruders and identify their patterns. It gathers passive flags and data cues, even if no official record is made of a hack, and can always apply these later by cross referencing it's database. For every time you complete a hack against a system with an Oculus active, the Firewall and active defender(s) gain a +10 bonus on all opposed tests with you specifically (maximum +60). This persists even if the hacker is anonymized, as it learns based on activity, not IDs, but it can be confused by group hacking or making an effort to alter your normal activity patterns. This bonus is lost if the Oculus is crashed or deleted. [Major] (R)
Partition: Also sometimes called a "great wall", software partitions are used to block out access to certain software by an attacker. This can be either an app which controls access, or be fundamentally built into an operating system. While a Partition is active, one cannot make Mesh Combat attacks (local or remote) on any software which is protected by the Partition. At the GM's discretion, it may also prevent otherwise normal user functions (like using apps or terminating software processes) without Security/Admin access. Operating systems, Cyberbrains and Account shells cannot be protected by a partition. ALI and Informorphs can, but in doing so they are limited by the restrictions of the Partition to software which is not contained within it. Partitions can be circumvented by crashing or disabling them via Hacking, or by faking authentication. [Minor]
Red Dress: Hacking is not all about brute-forcing, cracking, trash & crash or nuking. Many professional hackers prefer to be subtle and not alert the system at all. To this end, some of them use programs like Red Dress - a sub-ALI script which is designed very simply, as a distraction. Activating Red Dress takes a Complex Action, when it is active the app creates a distraction. What this looks like depends on the system being hacked and it's current conditions. Red Dress may attempt to physically distract a sysadmin with a personal message, or a standard request for help, but this doesn't work on a small private system. In most cases, it creates a new fake account which lacks proper authentication, a "fake" intruder which a system or operator will spot and remove, after which security functions are usually reset. This can be used to "take the heat" if a hacker thinks they're about to get spotted or dumped by giving the admins something to catch - but it doesn't always work as the Red Dress' dummy account does nothing to fight back or escape. [Minor] (R)
Shield Wall: An upgraded version of Aegis, this system not only blocks common malware attacks, but actively hunts for them in a system. It can be used to spot corrupted files, viral data and more, and will flag or delete them as necessary. Running Shield Wall in public systems or high traffic is uncommon, but more paranoid users like the additional layer of protection besides their default firewall. Shield Wall assists in Security Audits, scheduling and running them with regularity, and offering a +10 on the Infosec check to perform them as well as halving the timeframe. If there is no system defender to run it, the Shield Wall has an Infosec of 40 (counting it's own +10) to do so. In addition to patching exploits and backdoors, the Shield Wall will locate any lingering corrupt data, malware, spyware and other bad-actor software lingering in the system after an intrusion, so long as it's not too well concealed and fits its filters. Shield Wall also still provides 5 AV to all software on the same device as it. [Major]
Time Bomb: Sometimes, you just want to fire-and-forget. Time Bomb is a form of malware akin to a scorcher which does just that, it produces a single burst of viral data, bad packets or network noise to destabilize a program, then is gone. A hacker (or just an angry user) uploads or copies the software onto the system, then "points" it at a particular piece of software. When it is commanded to run (which can be set to timers, remote triggers and more) it automatically inflicts 3d10+5 DV to that software. Having "fired", Time Bomb is then effectively deleted from the device. A defender aware of a use of Time Bomb can roll a simple success Infosec test to intercept it. Most professional networks know to find lingering Time Bombs in file uploads or delete them in regular security audits, but not always. Computer Forensics can sometimes trace the origin of a Time Bomb. [Minor] (R)
Wrench Wench: Normally, apps cannot repair damage inflicted in Mesh Combat - one has to close and reboot the app to restore normal processes. Wrench Wench helps with this, it uses active system recovery functions to scan all running apps and data files, and attempt to correct glitches, troubleshoot errors and even patch in bad code. Wrench Wench repairs any apps 1d10 DV every minute, just like OS, Infomorphs, accounts and cyberbrains. Additionally, all software on the same device as Wrench Wench ignore the penalties from 1 wound, as it's functions compensate for damage by finding work-arounds. [Moderate]
Subscribe to:
Posts (Atom)