Cursing in frustration, the hacker draws her pistol and checks to make sure it’s loaded. She thought this would be a tough network to breach, and her download has triggered an intrusion alarm. “Company coming!” she shouts to her team as she prepares to join them in fending off the soon-to-arrive security squad. “Tacticals!”
So far, we’ve had a couple articles explaining the thought chain we’re pursing when it comes to digital systems and computers for 2050. In this article, I’m going to outline some actual game rules and associated numbers for these. I’ll also try to explain any pertinent lines of thinking regarding the rules. Here we go!
Computers = Tools
There is a temptation to make “Computers” another skill that can be learned by the characters. Indeed, in earlier editions of the game (especially 3.5/Pathfinder), that’s exactly what I would have done. However, in 5e, the skill list is intentionally small, and I hesitate to add anything to it. Further, 5e does have a modular “skill” system: tools.
Tools function identically to skills in terms of mechanics except that they aren’t tied to a specific ability score. One could conceivably make a Wisdom(Herbalism Kit) or an Intelligence(Herbalism Kit) check with no problem. Really, in its essence, what the tool is allowing a character to do is potentially add a proficiency bonus to an appropriate ability check. IE the character’s skill with such-and-such tool allows her an edge when performing some specific activities.
Computers: This item encompasses the vast array of digital devices in the wired world. From smart thermostats to supercomputers, skill with these tools can help in all aspects of digital life. Proficiency with this kit lets you add your proficiency bonus to any Ability Checks you make to break digital security, code and run scripts, alter the functions of devices and scour electronic systems for information.
Gaining proficiency in this tool set will be the same as any other: you likely got it from your background or class. In 2050, the Rogue will be allowed to gain proficiency as if it were a skill, and there will be several backgrounds that grant proficiency.
Computers have language.
When we first talked about this, dad and I both immediately thought of a problem: knowing how to use a home computer doesn’t really give you an edge at navigating, say, a Linux webserver. This is true, and it is somewhat problematic. However, I came up with an idea to help: languages.
When you hear the term “computer languages,” you probably think of things like C++, Java, COBOL, etc. However, that’s not what I mean when I’m using “language” as a 5e term. In this case, what I’m describing is an overall familiarity with the interfaces and architectures of different types of computers. Really, this is what people mean when they say things like “computer literacy.” It’s knowing that on Windows computers, double-clicking icons opens them, going down to the taskbar is how you get to places, and ctrl-alt-del will save your ass. Yeah, it’s not a true “language,” but that’s the best way 5e can simulate this without creating a whole new tool for each separate type of computer.
COBOL anyone?
Computer Languages
- Parfait The basic consumer software suite present on every smart device and personal computer. Every character in 2050 starts with this language proficiency.
- BizOS The software suite used by businesses and corporations for running their networks and computers.
- Skippy The software used by automated systems such as drones, self-driving cars, and consumer robotics.
- SAGaN The software used by the educational, scientific, and medical communities. This is also the software used by most cybernetic implants.
- COMBAT-OS The software used by the military and government entities.
The rule is simple: if you’re using a computer which is in a language you don’t know, you have disadvantage on all related checks. Thus, you can still leverage a proficiency in computers (there are translatable skills), but you’ll be at disadvantage working with computers you’ve never used before. And while you career coders out there may know that skill with one interface or programming language absolutely does not translate into using others, just keep in mind that we’re talking about people of heroic abilities.
Getting the Hacker out of the Basement
One of the troubles of the idea of the “adventuring hacker” is that there is rarely a need to get into physical dangers while hacking. Why risk your meat when you can sit comfortably tapping away with a big-ass bag of Cheetos and six-pack of Jolt cola within easy reach?
Well, we can solve that, with RULES! Yes, rules. Rules about every gamer’s favorite thing: Latency!
Latency Will Kill Ya!
- Disadvantage when accessing networks remotely through the Net or over a long series of hops (DMs judgment on the latter, but if you bounce through fifteen offshore data centers or a satellite, it’s probably too far).
- Normal when accessing a device or network directly through WiFi or accessing another device networked to your own (IE accessing a NAS through a connected terminal)
- Advatange when accessing a device via a hard-wired port (directly plugging your rig into a server, for example)
Another tricky thing is: How long does all this take? Realistically, sophisticated hacks can take days, weeks, even years to set up all of the software and scripts and bots and whatnot. That, of course, will never do for heroic roleplay. However, if we call hacking an action, it’ll take roughly six seconds. Well shit, that’s too quick.
We’re still trying to figure out what (if anything) needs to be codified for duration, or if we can rely on DMs to figure that stuff out. We will likely write some specific rules on hacking in combat (which will become important when we deal with drones and cybernetics), but those are still being forged.
We’ve also go the question of obscuration and security to consider. We already know that if you bounce through a bunch of servers it will lessen your chances to do what you need to do. But how do those bounces affect your odds of being discovered through some sort of trace?
“Trace Buster Buster BUSTER!”
Computers = Constructs
Ok, the final thing I want to talk about here is the idea that computers can be affected by magic. When we conceived of 2050, we had two mutually exclusive options with regards to technology and magic. The first is to say that tech and magic are antithesis to one another, and therefore they don’t mix. The second was to say that computers interact with magic just like anything else…magically!
So, here’s what we’ve decided to do: computers are constructs. Yes, constructs, like a golem or a Modron. They will have ability scores, HP, skills, etc. Yeah, it’s a little weird, but let’s talk through this for a sec.
A clay golem is little more than a magical chunk of rock. A Modron is literally a robot from the lawful neutral clockwork plane (hmmm, a digital plane, anyone?). Neither of these things have brains or souls in the traditional sense, but they’re still “creatures” in a D&D sense. Most importantly, they can still be affected by magic, assuming they are valid targets for the spell.
For example: Illusion spells. Constructs can generally be affected by Illusion spells (as they target “creatures”), but they can’t be affected by a type of sensory input they don’t have. For example, a blind person is immune to Minor Illusion. Similarly, you can’t inflict an illusory image to a computer without a camera. A desktop PC generally doesn’t care if there’s an illusory Beholder in front of it, but a security camera might. Especially if there’s a security guard watching the feed from it.
As for abilities, we haven’t quite nailed down what they’ll be, but we do have a general idea. Processor ability will be Intelligence, any security software will be Wisdom, and Charisma will be… the color of the case? Alright, we’ll figure it out. However, these are the stats the computer will use when saving against magic. In our little example play in the last article, the hacker cast Suggestion on the computer, and the computer failed to save against it. So, to the best of its ability, it complied with the suggestion (give me access). Here, language played an important role: if you don’t speak the “language,” the computer can’t understand your suggestion. Just like any creature.
So, that’s what we’ve got so far. We’re going to start playtesting this stuff soon with a semi-occasional family game, which means things will likely change as we go. Stay tuned and, as always, let us know what you think and any suggestions you may have!
Hi, gents!
Seems like a good framework here. I have a thought:
Charisma is akin to persuasiveness, or force of personality. Most constructs (in previous editions–not sure about 5E) had a Charisma of 0. So should most computers.
But not AI.
AI can be programmed to learn, and to engage in activities like negotiation. And hack. Computers can be used to “convince” each other of a digital reality.
Just a thought to add to the great work you have here!
This is true, about Constructs having low CHA in general. We want to make sure that computers don’t get screwed over when dealing with spells that ask for CHA saves (Bane, Banishment, etc.), but it’s likely not a real problem. It’s a pretty uncommon save.
I’m leaning toward making CHA a function of keyswitch. Buckling Spring = 18, Cherry Blue = 16, Cherry Brown = 14, etc, with PC Jr. Chiclet bottommost at 4,
Perhaps the programs would be the constructs, sharing Int scores based on processor speed and memory capacity, Con could be related to the cooling system, Dex could be related to connection speed (as in opposed Dex check hacker vs. program for alerting security), anything attempting vs Cha should probably re-route to Wisdom. Programs would have their own Wis score, which would reflect the difficulty of spoofing/bypassing security.
What do you think?
Having the programs themselves be the constructs is a pretty Shadowrun-ey paradigm.
I did consider that, but there were a couple of reasons I opted not to:
1st) We had a spell-targeting issue. Can you “see” a program? Yet, many Illusion spells require you to be able to see the target. Sure, we can write in a caveat to that rule, but it requires a weird leap of logic to do so. Additionally, can I “see” a program that’s on a computer I’m 5 hops from? 3 hops? 2? Where is the line drawn and why? What “program” is a security camera running? Am I spoofing the camera, or the video feed? Can I spoof CCTV? This is where we get down a rabbit hole from which the inevitable result is SR5e. No thanks.
2nd) This adds an exponential amount of work that a DM has to do. Not only does he need to figure out what computers are present, he has to decide which software and programs its running? Oh man, that triples everything, and that’s just for a simple garage. When we need to figure out which computers are running which programs in a thousand-node corporate network, things get even more out of control.
So, we keep the computing machines themselves as constructs. Basically: anything with a processor is a construct (even a simple one like a smart thermostat or doorlock). Spells can target them just like they would anything else. Want to spoof a camera with an Illusion? It’s the camera making the save. Seems like there would be a market for high-end Illusion-resistant cameras, then.
As far as DEX, CON, and STR go, we’re going to leave these the same as with any creature: based on the physicality of the computer. Yeah, a desktop computer is going to have a DEX and STR of 0 and a pretty low CON (unless it’s a 386; those things could be dropped a story without a problem). However, the same rule framework is going to apply to drones and robots. Ah! Suddenly, a spry little flying drone probably has STR and DEX akin to a faerie or sprite. Meanwhile, a self-driving car has the STR of several horses.
Our main goal is this: simple and playable. By keeping the rules few and applicable across the board, we can achieve this goal.
We really value your input, Scott (and Jason above), so thank you very much!
Perhaps one could have hacking have two distinct circumstances in which it takes effect.
1) long term hacking-as-craft, much like the creation of magical items. The time and difficulty involved can vary depending on if you have direct back end access to a brute force assault on a login.
2) short term in combat hacks. These are the hacks on less secure systems, like the lighting or a drone. At this point, is it an opposed action or something where the target needs to roll a wis save?
Yes, those would be two different scenarios, and the system will account for both, ish.
1) Long term hacks will probably be left up to the DM on how to handle without specific rules or codified systems. Think of it this way: let’s say a character is participating in some sort of 5 day decathlon. Would it just be an Athletics roll? Probably not; the DM will need to figure out how to ask for rolls and when, etc. That’s the same way here.
2) Short term stuff will probably be 95% of the hacking in any campaign. It’s not generally an opposed roll or a saving throw, but a check DC, much like any other tool or skill roll. That DC will depend on what kind of computer is being hacked and how tough the security on it is.
I hope that helps.