I've been thinking about hacking a lot lately. Not "hacking" like hacking a rules system. Not even "hacking" like "exploratory programming." I'm specifically talking about our favorite x-tremely kool 90's heroes who save the world by breaching computer security (and occasionally rollerblading). It's a well-known challenge of game design.
I have never actually played a cyberpunk RPG like Shadowrun or... Cyberpunk. Hacking was in Star Wars: Saga Edition but I kinda bullshitted (bullshat?) my way through those parts because I was like 16 when I ran that game. But I have read lots of different hacking rules and I've read lots of other people discussing their experiences using them, and these are my takeaways for the most common problems:
- It's complicated and a headache to learn, especially for the GM who has the rest of the system to learn as well.
- It's usually only for one player to participate in while everyone else waits on the sideline, and in Shadowrun especially is notorious for taking a really long time.
- Either it's realistic and confusing or it's abstracted and unsatisfying.
- The GM doesn't consistently integrate it into the game world, treating it almost like an afterthought.
Mr. Robot is one of the only media depictions of hacking that shows that hacking is, like, 90% social engineering.
- You identify a device you want to hack.
- You have a means to access it (a "terminal").
- You issue commands.
And a fourth thing that's nearly always present:
- You have to deal with security measures.
- No variation. You simply set a time cost for each kind of command that can be performed. The player knows exactly how long it'll take them to do any given action and has perfect control over how this resource is spent. The GM just has to decide how "valuable" each command is in terms of the time it costs to perform.
- Roll to determine the time cost. When you want to input a command, you have to roll. You're guaranteed to succeed, but you roll to determine how well you succeed. "Alright, looks like this will take me about..." rolls dice "...3 rounds to complete." The problem with this is that, once the hacker has made their roll, they don't have anything to do for that whole timespan because their character is locked down in hacking mode. Everyone else gets to act on their turn, y'know?
- Roll pass/fail each time increment. This means that you need to roll turn-by-turn and have a source of pressure that has a meaningful impact at least as frequently. This works really well in combat and dungeoncrawls. In combat, the hacker PC can spend their turn working on their console while the action unfolds around them, and every round they pray they roll successfully so they can finally step away from the computer and out of vulnerability. In a dungeoncrawl, there might not be hectic chaos happening every turn, but there is going to be a random encounter roll (plus maybe other effects like torches burning) every turn, which means that every roll does count. This option stays exciting, giving the hacker an action to perform each round and keeping everyone on their toes, not knowing how much longer the process will take. I know I said this isn't the kind of thing you typically "fail" at but you can always justify this roll as "hasn't found the thing they're looking for yet," which actually is pretty realistic, so ultimately I probably like this option the most.
|This is the simplified overview of the ruleset I've|
been making fun of throughout this post. Here's
another helpful guide if you're a masochist.
- Answer a specific question (easy). I would treat this the same as "find something."
- Get general information (medium)
- Complete database acquisition (hard)
- Supress a system, AKA, turn it off for as long as you're hacking at the terminal (easy)
- Subvert a system, AKA, take control of it and use it to do the things it was built to do. If you leave the terminal, it'll just keep following your last command (medium)
- Sabotage a system, AKA break it, triggering an alarm (medium, surprisingly)