This is where I make a big break from the way standard Shadowrun does things.

Standard Shadowrun simulates the Matrix, and often winds up making no sense, especially to people who know anything about computers. (This is certainly in cyberpunk tradition, given that William Gibson wrote Neuromancer on a manual typewriter from 1927 and had never touched a computer at the time.) That leads to a lot of cognitive dissonance for players who know a lot about computer technology, and can lead to boredom for the rest of the party while the decker does decker stuff.

This is Fate, so instead of simulating the Matrix, we’re simulating stories about the Matrix. So what do deckers do?

The Matrix

Matrix protocols are designed to pass code and data around, much like JavaScript operates in the 2020 web. Static archives comparable to ZIP files exist, but for security purposes, it is commonplace to turn every transmitted file into its own obfuscated executable (massively bloated compared to the size of its payload) that only extracts its contents when presented with the proper credentials, and manages its own copying, relocation, and (when its license expires or it detects that it’s in a hacking environment) self-erasure. A determined reverse engineer can beat such protections, but it takes a long time, especially when such files can also carry payloads of data bombs that can delete the file or attack the system on which it’s stored, and figuring out whether that obfuscated code is a data bomb or legitimate payload is joining a constant arms race between security engineers and deckers. If you have a custom-built environment with underlying security protocols disabled, you can copy the file over and over again and try as many times as you want; possession of such a device, unlicensed, is a felony in most jurisdictions.

The insistence of advertisers on Matrix protocols supporting interactive code in augmented reality packets— to know how long someone glanced at an ad— is a common vector for hackers to break into a Scape, but the technical solution is always said to be buy better firewalls rather than build more secure protocols.

The underlying technology of the Matrix is entirely capable of establishing encrypted point-to-point communications that have no need for all the additional hassle of running around in virtual reality. For decades, the Matrix has been developed to preclude such directness, because panhumans are bad at security in the physical world, and even worse if you don’t force them to conform to a familiar metaphor. It is customary that administrative privileges can only be exercised from a control room in virtual reality, or by obtaining a mantle of authority from such a place. Many access controls require physical presence in a secure room in the office— as far as the computer is concerned. Bypassing the systems that enforce the virtual environment (e.g.: teleporting in a no-teleporting zone) require hackery and risk raising an alert.

People being people, there are often back doors installed that make it possible for an administrator to deal with an issue without physically leaving the sports bar. This sort of thing can be declared as a Recon+Hack roll, though the difficulty can be quite high on a host belonging to a AAA megacorp.

Datasteals are heists, as per Forged in the Dark:

The Wrath of GOD

The Grid Overwatch protocols are instituted in 2065 at the Second Universal Matrix Conference and are rolled out over the course of the year. (Sixth World Almanac p92)

The Grid Overwatch Division are charged by the Corporate Court with hunting down illegal activity on the grids. A demiGOD is a GOD subdivision tasked with overseeing the security of a particular grid. They employ numerous deckers called G-men (complete with personas sculpted to look like 1930s FBI agents) to investigate signs of illegal activity.

demiGOD attention is attracted by disturbing the numerous crosschecks deployed as part of the Grid Overwatch protcols. The length of a GOD stress track varies with the enforcement level; on the public grid, it's thirty stress boxes, and on corporate-owned grids it’s twenty.

Any Crime+Hack or Hit+Hack that takes place on the public grid runs the risk of arousing the wrath of GOD. On a success with style on either, the hacker can forfeit a shift of effect in exchange for being so subtle that they didn’t disturb the consistency measures— or they can increase the GOD stress of their target by one. On a mere success, they rack up a point of GOD stress. On a tie, they rack up two; on a failure, three; on a spectacular failure, four.

Any user, whether or not they’re a hacker, can also get a point of GOD stress from a spectacular failure that crashes software and also disturbs the consistency checks.

When the stress track is full, a G-man shows up to investigate, and they possess administrative-level powers to probe and to dump from the grid. They don’t get Extra Actions because they’re in low orbit and connecting to the grid over satellite links, but they have Epic (7) ability to trace people and Hit them with matrix stress, can spawn IC that runs locally (GOD’s Trace IC is also Epic (7)), and can automatically boot them from the grid if they look suspicious, triggering dump shock, and call in the local authorities to converge on the location. Their ideal is to make sure that hackers get caught in the physical world, and that they dump actual hackers and not people who accidentally racked up GOD stress due to a software malfunction or hacker attack. This means that they only dump first and analyze the data trail later if they’re overloaded; their goal is to keep hackers busy as long as possible while giving meatworld security a chance to converge on their location, but not letting them get away with paydata. The G-man ideal is that the decker is sitting there with smoke rising from their cyberdeck and stunned from the dump shock when the jackboots-on-the-ground kick in the door.

Once inside a host, the same protocols are in effect, but with security spiders instead of G-men and a separate overwatch score from the external grid.

The Foundation

The Foundation-based Matrix (Data Trails p83), introduced in 2075 by Danielle de la Mar, is completely virtualized. Its fundamental principle is that as long as there’s about 20× as much processing power and 100× storage relative to the actual work being done on the Matrix, absolutely nothing is tied to a particular piece of hardware. (This is erroneously described as hardware-free.) Everything is encrypted in transit and at rest, with multiple redundant replication and version control, with everything automatically moving to the hardware where it will function with minimal latency. The Matrix then forms, emergent, based on this underlying infrastructure, whose source code is a complete secret. You still need big data centers near places with high population density.

If you aren’t running Foundation protocols, the Foundation Matrix will simply refuse to talk to you. It is still possible for two systems built from inspected source code to tunnel their connections through Foundation protocols by running Foundation code in a coprocessor and telling that coprocessor that the main processor is actually a peripheral. Creating hosts in the new Foundation is a Great (4) Scrounge+Hack task as you find a subcontractor of a subcontractor of a subcontractor of an authorized host creator who will accept your shady laundered nuyen. If you want the host to do something, you’ll need to pay for its resource footprint; if you have server hardware, you can rent it out for the value of the things you’re doing and your code might even run on it.


Anyone can access the Matrix through a Scape. To hack the Matrix, you need a specialized tool called a cyberdeck. In 2050, a deck is about the size of a desktop computer keyboard if it can run in tortoise mode, where everything is handled through the screen (or your Scape display) and gestures or hand controls. If you only interface with it through direct neural interface— a datajack or skinlink connecting to your cyberScape— the components would fit in a beer can, and can be crammed into a cyberarm. By 2075, it’s the size of a tablet or a couple of packs of playing cards.

Without a stunt, you can still use a cheap tortoise deck to access shady online forums; many non-decker runners have Hack +1. To be a decker, you need the Cyberdeck stunt:

Cyberdeck (1): you have a piece of class CD controlled technology used in Matrix security, descended from the technology used to purge the 2029 Crash Worm from the Matrix. You are able to use Extra Actions in the Matrix, and load as many programs as you have points of quality. You may have obtained an off-the-shelf model (Scrounge+Hack), or built your own from scratch based on open source designs (Make+Hack); the relevant skill determines the quality, size of its Matrix stress track, and combat advantages:

Quality 2050 2075 Stress Advantages
0 (Mediocre) Radio Shack PCD-100 Erika MCD-1 3
1 (Average) Allegiance Alpha Microtrónica Azteca 200 4 -
2 (Fair) Sony CTY-360 Novatech Navigator 4 + -
3 (Good) Fuchi Cyber-4 Renraku Tsurugi 6 + --
4 (Great) Fuchi Cyber-6 Sony CIY-720 6 ++ --
5 (Superb) Fuchi Cyber-7 Shiawase Cyber-5 6 ② ++ ---
6 (Fantastic) Fairlight Excalibur Fairlight Excalibur 6 ② +++ ---

Matrix stress has a four-stress condition, Magic Smoke, indicating that your deck needs physical repairs, which takes hours with access to the right parts and tools; while this condition is marked, your deck operates at two levels below its usual quality. (Roll Make+Hack or Make+Tech against Great (4) difficulty; extra shifts reduce the base time, in hours, equal to the Quality of the deck.) Being Taken Out on that track means dump shock. (You can always take the dump shock instead of letting out the magic smoke.) Matrix stress clears on a reboot.

You can only use as many dice of combat advantages as you have points of Hack. A Fairlight Excalibur in the hands of a novice only gives them a bigger Matrix stress track.

A security professional can obtain a license for a cyberdeck with roughly the same ease that a bodyguard can obtain one for weaponry. High-security sites have deckers pulling 8-hour shifts patrolling as security spiders at all times.

Redundant Cyberdeck Systems (1): your deck has an additional Magic Smoke condition, and each Magic Smoke condition marked only reduces your deck’s Quality by 1.

To use one level of Extra Action, you need Hack +1 and either a direct neural interface (DNI) from a cyberScape or using a trode net in cold sim, where hostile biofeedback programs are, at most, capable of inflicting mental stress on you. To use two levels, you need Hack +2 and either hot sim (where biofeedback attacks can kill you) or both DNI and cold sim. To use three levels, you need Hack +3, DNI, and hot sim. Jacking out suddenly— or being ejected forcefully from the Matrix— while in sim causes dump shock, an attack defended by Focus+Hack. Jacking out is a Great (+4) attack, and leaves lots of your persona code on the host for forensic analysis; exfiltrating from the host means you get to clean up your data trail on the way out.

Every decker creates an idiosyncratic program called a persona, which performs all the microsecond-speed decisions that they could never handle at meat speeds, and presents information to them for decision-making that occurs in the tens-of-milliseconds response time of a direct neural interface. Most persona code runs on the cyberdeck, but snippets of it execute on the host to get the fastest response times. Snippets of persona code retrieved from a node can serve as a fingerprint to uniquely identify a decker, though as deckers continue to tweak their persona code, it becomes harder and harder to match. A decker using another decker’s persona code will be at a considerable disadvantage due to lack of all the customizations that each decker uses to get the maximum performance out of their interface. Coding an entirely new persona as a form of identity change is a huge effort; deckers do occasionally go into seclusion to code a new one and train with it.

To get the maximum speed out of human responses, the persona interprets the decker’s use of other skills. While actual cybercombat involves a flurry of nanosecond logic, the organic input to it comes from the metaphor of combat, with all the pulse-pounding realism of hot simsense that risks giving you a heart attack.

The spectacular visuals on Intrusion Countermeasures (IC) are there to degrade a decker’s interaction with their persona, and to impress executives who like to watch footage of cybercombat repelling prying deckers from their nodes.

Persona code can be written to turn over subsystems to friends with special skills. Non-deckers with relevant knowledge can roll Brains to create advantages to help locate paydata by skimming datastores for things that catch their expert attention.

Note that Chrome does not directly make you a better decker. It is entirely reasonable to take Chrome that enhances your Brains and make that part of the story of why your Hack is so good, and to roll Brains+Chrome to create advantages that you tag when you roll Make+Hack.

Doing background legwork for a run is a Recon+Hack roll, though the GM may preemptively hand the decker’s player a Fate point and use the character for infodumping and maybe call for a roll to see if they dig up additional useful information.

Wireless Escapades

By 2050, most people are online whenever they’re wearing clothing. And their gear is online. Usually any person’s gear is talking via one-time-pad-secured skinlink to their Scape. Key exchange usually happens in what the owner considers a secure area, whether that’s their nightstand or the Faraday booth at the bank. The Scape talks to the Matrix, and that’s the point of entry. Roll Crime+Hack to get into someone’s Scape, and you can create advantages like Rebooting or Inverted IFF on their gun. You can make a smartgun eject its magazine and open the slide, but remember there’s still one in the chamber!

The quality of the firewall on someone’s gear is their Scrounge+Tech (indicating that they bought it) or their Brains+Hack (if they programmed it personally).

You can always isolate your gear from the Matrix. If your gun is only talking to your smartlink and rejecting all other protocols, it can’t be hacked. It also can’t correct for windage based on local weather stations, or avoid hitting that bystander who isn’t a designated target, or take advantage of that Firing Solution aspect your decker buddy just created as they manage the battlescape. A decker can act as a router for the entire team, so anyone trying to get at someone’s gear has to beat the decker’s firewall, or run the entire team network isolated from the Matrix, but that means they can’t go after the opposing team.


Cybercombat involves the attacker rolling Hit+Hack against the defender’s Brains+Hack, representing (retroactively) how well they configured their firewall. (Outside of mutually agreed simulated duels, there is no analogous maneuver to dodging in cybercombat. If your opponent can see you, they can hit you.) Hit+Hack can also create or cancel advantages, such as shutting down a running program. Depending on the attack program you’re running, you can inflict Matrix, mental, or physical stress on the target.


A decker running overwatch needs to roll Crime+Hack to get into the security of the target location, then Sneak+Hack to evade patrols by IC and security spiders as they sleaze their way into the virtual-reality model of the building. Crime+Hack can unlock doors, Prod+Hack can divert security guards, Brains+Hack can calculate the field of view of security cameras and guards to create maps to help teammates evade detection. Sometimes breaking in from the outside is accomplished more easily from the inside; combat deckers sometimes use a mobility frame to move their body around while their attention is entirely on virtual reality, and others have a Puppet Implant for the same purpose. Other deckers insist on playing it safe and simply hand the penetration team a point-to-point link drone (using a laser or maser) to put in a window after plugging its fiber optic cable into the internal network.


Even when a combat decker has no server to hack, they can still hack the battlescape. During combat, they can hide behind an obstacle and fend off attacks on the team’s wireless presence, loft disposable selfie drones into the air to build up a map of the battlefield, and create advantages like Firing Solution and The Right Time to Duck for their teammates using Spot+Hack. If the opposition are also wireless, they can be hacked, putting spam in their Scapes and rebooting their guns.

During the getaway, the decker can be similarly useful, hacking the traffic grid (or the sensors feeding it) to create advantages like String of Green Lights for haste or Red Lights in Our Wake to stymie opposition. The rigger can patch the decker into the vehicle sensors to help maintain the battlescape model.


The only unbreakable form of encryption is the one-time pad, but using such a thing well is very difficult; key distribution gets exponentially more difficult as an organization grows in size. Focus+Tech represents a person’s discipline in one-time pad use, and Recon+Hack can spot flaws in it. Megacorporations using one-time pads usually update employees in Faraday-cage booths, store the keys on highly secure datastores, and courier copies of the keys in point-to-point flights between extraterritorial corporate sites.

Other forms of encryption can all be broken, and the question is how long it takes; it does not happen at combat speeds. Encryption is characterized by difficulty (can you figure out how to break it?) and time (how long will it take?). This year’s expected time to decryption is six billion years could take a matter of hours ten years from now, so intelligence organizations sit on giant piles of intercepted data that they plan to mine someday when it becomes feasible. Decryption is not something that happens on the fly; it’s a Brains+Hack roll to figure out if you can decrypt it (with a +1 bonus for each year that has elapsed since the encryption scheme was deployed) and a Scrounge+Hack (or Scrounge+Corp) roll to put together the hardware to crunch it. Extra shifts from the first roll add to the second roll, and each shift of success reduces the time by an order of magnitude.

Off-the-shelf encryption is represented by the purchaser’s Scrounge+Corp or Scrounge+Hack, buying something that will take a million years to decrypt with those resources. With corporations, the purchaser is the corporation, not the employee, so you’re probably looking at Fantastic (6) difficulties with an A corporation. Epic (7) with a AA, and Legendary (8) with a AAA. With a couple of rolled 10’s, A-level decryption is taking half a week to break, but AAA-level requires a century. In 2065, after Dr. Heinrich Andrews of the Universität Stuttgart publishes an academic paper on a new method of attacking encryption (Unwired p67), shifts are worth two orders of magnitude instead of one; corporations escalate by making the base time a billion years, but those 10’s still decrypt the A level encryption in 3 seconds and the AAA in 10 years.

The most effective way to defeat encryption is to heist the encryption keys or the decrypted file. Routes for this include installing spyware on your target’s system and using Prod+Hack to get them to look at the file, and old-fashioned rubber-hose cryptanalysis.


Loading a program and making it ready to run requires an action. If you unload a program that created an advantage, any aspects it created lapse.

Cyberdeck programs include:


Tracing takes place on a zone map:

Location Tower / Sub-station LTG RTG Wrong RTG Wrong LTG Wrong Tower Wrong Location

You start in the middle. In a contest of Recon+Hack vs. Crime+Hack, a success moves one zone and a success with style moves two zones. The Regional Telecommunications Grid tends to have the scope of an entire country, and the Local Telecommunications Grid an entire city. Once you have their tower or substation, it’s practical to deploy field assets to cover the few blocks involved. Once you have someone’s location, you have a triangulation from cell towers, or the official location of their jackpoint. (If they get your RTG and then you start winning the contest, you can put them onto the wrong LTG, and so on.) Further measures are possible— for a Fate point, if you have an appropriate aspect, you can be rappelling out the window when the jackbooted goons are kicking the door of that neighbor whose Matrix connection you spliced into after the fifth time they insisted on microwaving fish in the shared kitchenette. (If you’re announcing such measures ahead of time, that’s usually Scrounge+Hack or Crime+Hack. Being too far from your jackpoint introduces unacceptable levels of lag, which your cyberdeck will notice long before your organic brain does.)

Social Engineering

A big part of hacking is exploiting the weaknesses in the panhuman element. Whether it’s leaving malware-riddled data storage devices in places where curious primates will plug them into their work computers or making emails convincing enough to get people to click on that link, Prod+Hack is a great way to Create an Advantage like Friend Inside the Firewall.

Phishing requires more background work, but can be extremely effective. In an era of real-time sound and image conversion, a decker can assemble a digital mask that lets them impersonate an aggravated, harried boss on a video call to a nervous underling. Con+Hack is the skill for phishing.

Phisherman (1): +2 to using Con+Hack for social engineering.

Bribery is another option. Scrounge+Hack can make a target distracted by anything from a sudden deal on an expensive goodie on their wish list to winning an all-expense-paid vacation for two.

Rainmaker (1): +2 to using Scrounge+Hack for bribery. This usually consists of manipulating existing lotteries and discounts rather than having huge cash reserves.

Social engineering hackers are presumed to have plenty of these things ready to go at a moment’s notice. Getting them all ready is an off-camera downtime activity.

Note that success at a cost in social engineering often means that your target gets in trouble for your hacking shenanigans... but they may want revenge.