Matrix Tutorial

While there are a lot of rules for being a decker including creating decks and writing programs, the actual act of decking is pretty simple. There are a lot of different operations a decker may choose to do on their turn, but at the core, the mechanics for decking operate similarly to someone sneaking around. The decker rolls to perform the operation of their choice and in response to that action the system counters with a check to see if they detect the decker.


The Matrix is a collection of computer systems but is laid out in a very organized manner. Everything is connected, but to get from one place to another you have to travel from your Jackpoint, the physical connection to the Matrix, to the system that you want. If it is local to where you are, that is simple, but if it is not, you may have to travel through other grids to get there.

Regional Telecommunications Grids (RTG): Like modern day power or phone grids, these can cover large areas of the various countries. For example, California has a North and South grid while the CAS has Central, Gulf, Seaboard and Texas.

Local Telecommunications Grid (LTG): These are analogous to the area codes of current communications, and the coverage area depends on the density of connections.

Private Local Telecommunications Grid (PLTG): Comparable to private intranets today that are used by groups to consolidate various businesses or schools or other similar groups. These are closed to the general public and in some cases not directly connected to the normal matrix. They can spread through the world to link the relevant groups together, such as a corporate PLTG that may link all the scientists of a particular research project together, or a PLTG for a government to allow all the officials to communicate.

So, if a Decker logs into a Jackpoint in Boston and wanted to get to a host in Los Angeles, they would appear on the Boston LTG, and would then need to connect to the UCAS North-East RTG. then to the Cal-Free South RTG then to the Los Angeles LTG and then to the host they wanted to access.

To understand the breakdown in North America, the list at RTGs when paired with the following map will help it make more sense:



To create a host, there are many elements which must be known. First, a host is identified with a color and a number. The number is called the Security Value, which normally ranges from 4 to 12 but can go higher. Double digit values represent extreme security. The color is called the Security Code and it is a measure of the level of security precautions on the host. This is usually a designation that would be determined by the type of information the host may have, but some people may get secure hosts out for security and paranoia, even if the information isn't that sensitive.

  • Blue Host: This is most public service databases: Newsfax distribution systems, public libray databases, directories of listed commcodes - pretty much anything free, whether provided by a government, a corp or a private individual. Small businesses too poor to secure their systems tend to have Blue hosts as well.
  • Green Host: These are average systems. They may be a bit more patient than the higher end systems, but they can still load any IC the hotter hosts mount.
  • Orange Host: This is a secure system, prided on being able to store "confidential" data and carry out processing that is important but not absolutely essential to the host's operators. Orange system include the typical factory controller and the networks used by middle management in a typical corporate office.
  • Red Host: These hosts offer the most security that a system may legally carry. They contain "top secret" data, often the kind owners will kill to protect, and mission-critical process controls (life support, vital labs and factories, power grids, and the like). Anti-intrusion defenses tend to be lethal - deckers get no "warning shots" on Red systems.

Mechanics wise, the security value indicates the number of dice rolled to oppose decker's System Tests and rolled for Security Tests.

A host will connect to a LTG in one of four ways:

  • Open Access: Each grid is connected individually to the LTG. Any user, anywhere in the world, can use the public grid to access the hosts. If a decker were connected to one host, they could disconnect from that host and connect to another without having to end their current Matrix session.
  • Tiered Access: The first host is connected to the grid, further hosts are connected to the first host. In the illustration, Host A is the first-tier host, while B, C and D are second-tier systems. The decker would connect to Host A, then can connect to Host B. To get from B to C, the decker would have to go back to Host A first. This could be a chokepoint, where the primary host contains as vicious security as possible, with the second hosts running lower security.
  • Host-host Access: One host is linked to the main grid, the other hosts are linked in sequence. No single host defends the others, instead all perform a job but must share data to do so. This commonly appears in corporate schemas. Only a few machines connect to the public grid, but numerous machines on the second tier of the system are linked to each other. Deckers can only access hosts through other computers that are linked to them. For example, too reach host E, the decker would have to connect to Host A and then go through B, C, and D.
  • Private Grid Access: A PLTG network with all the hosts inside a separate system (the PLTG), access to the PLTG is required before hosts can be accessed. A proprietary communications network inhabited solely by the hosts of a given company, government or consortium. These can range from small LANs (Local Area Networks) to global PLTGs. Once a decker has accessed any host in the private grid, he can access any other host connected to that grid. Within a PLTG, hosts may be organized into tiered or host-host access configurations.

Host Subsystem Ratings (ACIFS)

Hosts will have a series of numbers listed after their Security Code and Rating. They are the hosts Subsystems and represent other aspects of the servers protocols and are the base TN for various actions. These are referred to as Access, Control, Index, Files, Slave or ACIFS for short. These ratings determine the difficulty of certain tasks within the Matrix. When looking at the list of Matrix Operations the Test column lists the Subsystem that the Operation the Decker chooses to do will be against. That sets the base TN of the roll.

The actual Target Number used with the Decker's Computer skill depends on any relevant utilities they have. For example, Logon to Host uses the Access Subsystem rating as the TN and then subtracts the decker's Deception utility rating from the number to get the TN.

Remember that the Host Security information and the Subsystem Ratings are not known by the Decker. While they might be able to determine them by the GM stating when a roll succeeds or fails, the only way to find them out is to perform an operation called Analyze Host, which will give them the details based on the number of successes they get.


Most system operations a decker may perform fall into one of three broad categories: Interrogations, ongoing operations and monitored operations.

Interrogations: These are tests where the decker is essentially in a "dialogue" or interrogation with the system, such as searching for a specific file. To successfully complete their request, the decker may have to perform the operation multiple times, as they need to accumulate 5 or more successes to locate the objective of the search. The gamemaster may choose to assign a number of successes to find a particular piece of data, or give information to reveal to the decker based on the number of successes.
Depending on how the decker defines the criteria for the interrogation, the better the success. A vague or general question get get a +2 TN modifier, while a well-phrased, very relevant or insightful inquiry could get a -1 or -2 TN modifier.
If the host does not have the information the decker is looking for, this is revealed after the decker gets 3 successes or more.
While the decker may find information, it is possible it may not answer the question directly. Instead, it could direct them to another file on another host, requiring the decker to travel through several hosts to find the specific data they are looking for.

Ongoing: These are operations that take time to complete, such as upload or downloads. The time is measured in seconds, according to the rules for the specific operation. If the operation interacts with other events, the gamemaster should calculate the exact point in a Combat Turn when the operation is completed.
To convert seconds to Combat Turns, divide the number of seconds by 3 (round up). For example, a utility upload that requires 6 seconds is 2 Combat Rounds, so if the action was began at the start of Combat turn 3, it would be available at Combat Turn 5's start or halfway through turn 4. If the upload took 7 seconds, that would be 2 Turns plus a 1-second remainder, meaning the uploaded utility would not be available until second or third Initiative Pass of Combat Turn 5 (gamemaster's discretion).

Monitored: These are operations that must be controlled after set into motion. After the decker makes the initial System Test to begin the operation, they must spend a Free Action to maintain the operation each initiative Pass. If they fail to even once spend the action, the operation aborts and they must repeat the operation System Test to restart it.
In some cases, allowing a monitored operation to abort may result in irreversible consequences in the real world. For example, a decker may be running an Edit Slave operation that prevents a security camera from showing human guards the image of the decker's companions breaking into the facility. If the decker allows the operation to abort, the guards may see the decker's companions and foil the run, or worse.

System Responses

Whenever the decker performs an operation, after determining how successful the test is, the next step is for the system to make a security test. The number of dice are determined by the Security Value of the Host, that number after it's color. The TN is the decker's Detection Factor. Any successes are added to a security tally that determines when events happen based off the security sheaf, described below.

Detection Factor should be known by the decker, but it is calculated by adding the Masking Rating along with their Sleaze program's rating, divided by 2, and rounding up. Masking rating is one of the four Persona Programs of a deck, the others being Bod, Sensor and Evasion. No single rating can be more than the MPCP rating, and total cannot be more than three times the MPCP rating. These other ratings will be useful in other tests, such as detecting things with Sensors or when in Combat with Bod for resisting damage.

Denver offers a piece of code to generate the security sheaf, or the steps the host will take when the decker's security tally reaches certain amounts. The command is +matrix/<difficulty> <Color>-<Rating>, ie +matrix/easy Green-4. You can create a sheaf based on this, or you can use the core book and Matrix to help create one if you are building a custom system.

A sample easy Green-4 sheaf generated by the code is here:
5 - Probe-6
9 - Probe-5 with Killer-4
13 - Passive Alert
18 - Scout-4 with Blaster-4
23 - Masking Crippler-5
27 - Active Alert
32 - Evasion Ripper-5
36 - Shutdown
40 - Masking Crippler-6 Cascading
46 - Killer-4 Shielding
52 - Masking Crippler-5

What this means is when the security tally reaches 5, the system sends out a Probe IC rating 6, which is like a security camera for the system as the IC does a Probe test using the rating against the decker's Detection Factor after every test the Decker does and adds any successes to the Security Tally. This is in addition to the normal Secuirty Test made every turn by the GM.


There are four types of IC: White, Trace, Grey and Black.

  • White: designed to attack the decker's online Icon and will not permanently do damage to the decker or their deck.
    • Crippler: reduces the rating of a persona Icon
      • Acid: reduces Bod
      • Binder: reduces Evasion
      • Jammer: reduces Sensor
      • Marker: reduces Masking
    • Databomb: Crashes and causes considerable Icon damage
    • Killer: Designed to attack and crash an intruding decker
    • Pavlov: Causes damage to an intruding decker similar to a Databomb without crashing
    • Probe: Observes and adds a measure of security, similar to a security camera
    • Sentry: Acts as a Probe IC, and also enhances the power of other IC
    • Scramble: destroys and scrambles data
    • Tar baby: Crashes a utility program
  • Trace IC is designed to find a decker's physical jackpoint.
  • Gray is designed to target the decker's cyberdeck and utilities which could result in permanent damage.
    • Blaster: Causes damage to a persona Icon, and can damage the MPCP
    • Ripper: Causes permanent damage to a persona Icon
      • Acid-rip: damages Bod
      • Binder-rip: damages Evasion
      • Jammer-rip: damages Sensor
      • Marker-rip: damages Masking
    • Sparky: Causes damage through electrical overload. May injure both MPCP and decker
    • Tar pit: Destroys all copies of a utility program in memory
  • Black IC is specifically programmed to attack the decker, causing dangerous biofeedback between the decker and cyberdeck, possibly causing permanent damage or even death.
    • Cerebropathic: Non-lethal black IC
    • Lethal: Induces lethal biofeedback to the decker
    • Non-lethal: Designed to knockout the decker
    • Psychotropic: Conditions the mind of the decker to perform erratically
      • Cyberphobia: induces Matrix and simsense phobia
      • Frenzy: inspires maniacal rage
      • Judas: induces unconscious compulsion to betray
      • Positive Conditioning: inspires love of the company, prevents the character from acting against the company
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License