Dynamic Hacking

In dynamic hacking, the Computers skill is broken into three subskills used for various tasks: Deceive, Hack, and Process. Deceive represents your ability to hide or misrepresent your identity to avoid detection, confound foes, and trick your way past safeguards. Hack represents your prowess to manipulate programs, exploit vulnerabilities, and brute-force your way into a computer’s files. Process represents your ability to identify threats and opportunities, as well as change, sustain, defend, or repair your own programs. Your modifier for each of these subskills equals your Computers skill modifier, plus any modifiers based on how you configure your hacking persona (see below).

While hacking into a computer, you navigate and manipulate its systems through a persona, which is your anchor in that digital world. The persona’s simply a bundle of code through which you act, though you can give it a sensory signature that others perceive when interacting with it. However, your persona is also a target through which others can attack you, track your location, and expel you from the digital space.

Persona Health: Countermeasures might attack your persona, degrading its performance or even using the persona to attack you and your equipment more directly. Your persona’s overall health is measured by Connection Points (CP), with lost CP representing damage that impairs performance and connectivity. Your digital persona has a maximum number of CP equal to 12 + 2 × your Computers ranks. You can restore lost CP with the repair action (page 72), and you replenish all lost CP when you spend 1 Resolve Point and take 10 minutes to recover Stamina Points.

Your persona malfunctions as it loses CP. When your persona’s current CP is at or below 75% of its maximum, randomly select one of your three Computers subskills and apply a –2 penalty to your checks with that subskill. When your persona’s CP is at or below 50% of its maximum, apply that –2 penalty to your checks with the other two subskills. Increase the penalty to –3 when your persona’s CP falls to or below 25% of its maximum.

If its CP total ever drops to 0, your persona disintegrates, and you and any support hackers linked to your persona are immediately ejected from the encounter and can’t rejoin until you’ve restored your persona’s current CP to 1 or higher.

Configuring a Persona: When you begin a hacking encounter, you configure your persona, assigning a circumstance modifier between –3 and +3 to each of the three subskills: Deceive, Hack, and Process. The sum of these modifiers can’t exceed your number of Computers ranks divided by 3. If you have your own computer (Core Rulebook 213), you can harness its power to enhance your persona, in which case the three circumstance modifiers’ sum above can’t exceed your computer’s tier.

In addition, you decide whether your persona will act independently or will aid an allied hacker’s persona, establishing whether you are a lead hacker or support hacker.

Lead Hacker: This hacker can perform a major action and a minor action during each phase (action types appear on page 72). In turn, they are vulnerable to countermeasures’ effects. At least one lead hacker must be present to begin a hacking encounter, and any number of lead hackers can participate.

Support Hacker: This hacker’s persona is connected to that of an allied lead hacker. Support hackers are rarely affected directly by countermeasures and can make greater use of non-Computers skills, but they can perform only one minor action each turn. If their lead hacker leaves the encounter, any connected support hackers also leave the encounter.

A hacking encounter begins when one or more users access a secured computer by either directly accessing the computer’s user interface (like a terminal), physically accessing a computer using a hacking kit, or attempting to break into the computer through an infosphere or similar network. Once they begin, the hackers typically work against a timer, as most countermeasures have countdowns that represent how quickly they react to intruders.

The encounter continues so long as at least one hacker accesses the computer; however, a GM might end the encounter once a hacker has secured root access or resolved all countermeasures, either of which ends the encounter’s remaining threat.

Objectives represent a combination of goals and obstacles that a hacker overcomes during a hacking encounter. An encounter typically begins with several objectives, and additional objectives appear over the course of the encounter. These objectives are divided into three categories based on their lead function, and sample objectives appear on page 73.

Countermeasures: These objectives represent deliberate defenses that pose some risk to hackers. They range from alarms and contingent computer viruses to live counterhackers attempting to stymie intruders.

Modules: These objectives are programs that typically have value to the hackers—and are usually the reason for hacking in the first place—such as command modules that control doors or data modules that contain valuable intelligence.

Nodes: These objectives are figurative branches within the computer that provide access to other objectives beyond. Reaching modules often requires traversing one or more nodes.

The following are common actions used in dynamic hacking encounters. At the GM’s discretion, a hacker might be able to perform actions other than these.

Hacking encounters vary to reflect the hackers’ goals and the target computer’s capabilities. Each encounter includes at least one objective tied to the hacker’s goal (such as secret data to steal or a door to open), at least one countermeasure that opposes the hacker, and often, one or more nodes that create avenues the hackers must navigate toward their goals.

To build an encounter, set the encounter’s Challenge Rating— which sets the encounter’s check DC (page 71)—and decide on an approximate encounter length based on the number of checks required to resolve the key objectives. A short encounter requires about 5–7 successful checks to resolve the main objectives, whereas longer encounters might require 10–15 checks. For each lead hacker involved, add enough countermeasures to increase the number of checks by 2 (for shorter encounters) or by as much as 4 for longer encounters. For each support hacker, increase the number of checks by 1.

Scaling an encounter in this way need not always involve adding more countermeasures but could instead involve requiring an additional success to resolve specific objectives. This way, even if more PCs join the encounter as lead hackers than you anticipated, you can easily adjust the encounter to provide a fairly similar challenge.

Timed Encounters: In Starfinder, successfully accessing a system often affords the hacker time to explore at leisure. While a dynamic hack attempt might include finite countermeasures and a clear win condition, the format also supports hackers clashing with an array of defenses that multiply faster than the PCs can deactivate them. In this case, the goal becomes resolving enough countermeasures to stay safe, accomplish the mission, and escape before being overwhelmed or detected.

The following are guidelines for adapting existing class features and character options to the dynamic hacking system.

Faster Hacking: An ability that reduces the time it takes to hack instead reduces the penalty a lead hacker takes when performing additional major actions to –3 per additional action.

Delay Countermeasures: An ability that would delay a countermeasure’s activation instead increases that countermeasure’s starting countdown value by 1.

Negate Countermeasures: Abilities that would negate a countermeasure entirely instead grant that character a +10 bonus to their first check to resolve the countermeasure.

Security: Features that increase the check DC to hack your own computer instead apply their bonus to your checks made to resist any effect that would harm your computer or persona.