Skip to content

Netrunning and Device Intrusion

These rules need some playtesting in more game situations and building out multiple Devices with different types of ICE

Cybermancy’s hacking system is designed to support high-tempo narrative play. Most devices in the world are poorly secured, but critical infrastructure and corporate assets employ hardened defenses and active ICE. These rules maintain Daggerheart’s focus on clarity and cinematic momentum.

Device Hardening

Devices fall into two broad categories:

Unhardened Devices Most civilian technology is effectively unsecured. Default passwords, unpatched exploits, and weak encryption are commonplace. These systems pose minimal risk to a skilled hacker.

Hardened Devices These are professionally secured assets: surveillance drones, automated turrets, corporate vaults, secure servers, contract-grade cyberware, and similar infrastructure. Hardened devices contain ICE, which falls into two groups:

  • Walls — passive protections such as encryption layers, access gates, and authentication barriers.
  • Sentries — active monitoring programs and countermeasures designed to detect, isolate, or retaliate against intruders.

Determining whether a device is hardened requires a Hacking: Analyze action.

Unhardened Devices

Immediate Access A hacker automatically gains Control over any unhardened device of their Tier.

Higher-Tier Devices To control an unhardened device above their Tier, a hacker may Mark 1 Stress and make a Hacking roll against a Difficulty that scales with the device’s Tier. Success grants full control.

Unhardened devices never contain ICE; they do not raise alerts on failure unless the fiction demands it.

Hardened Devices

Hardened devices are reserved for high-tension moments or narrative climaxes. They require intentional action to access and may trigger consequences when mishandled. Hackers rely on three core actions:

Analyze

The hacker probes the system to understand its structure.

On success, they learn:

  • Device Tier
  • ICE types present (Walls, Sentries, or both)
  • ICE Tiers
  • One meaningful narrative detail

Analyze is low-risk but not risk-free; Sentries may detect prolonged probing.

Infiltrate

The hacker attempts to slip past ICE or operate within its blind spots.

Infiltrate establishes a deeper foothold than Analyze but provides limited access compared to Control. It prioritizes subtlety and typically has a reduced chance of triggering a system alert.

Use Infiltrate when stealth, persistence, or clean extraction matters.

Control

The hacker executes an overt, forceful intrusion using exploits, injections, recursion traps, and other destructive techniques.

Control grants the broadest access but is the most likely to raise alarms. Most Control actions will increase the system’s Alert Level by at least one step.

Use Control when precision is less important than speed, disruption, or outright domination of the device.

Alert Levels

(If included elsewhere in your ruleset, reference it here. Otherwise: a brief placeholder.) Hardened systems track their awareness of hostile activity through an Alert Level or alert clock. ICE responses scale with that level, from passive observation to full counterattack.

Range and Position

If desired, hacking may be constrained by range bands identical to physical combat ranges, representing signal strength, interference, and available access points. This rule remains optional and should be employed only if spatial constraints meaningfully support the scene.