Hacking in Starmourn, Redux

When I first started thinking about hacking in Starmourn, I made this blog post about it.

In the months since then, I tried various types of designs, including one potentally interesting pseudo-graphical (using ascii graphics) idea that may make it into the game someday, but ultimately we’ve settled on two types of hacking. The first is a simple skill check for trivial hacks that have to go quickly like an opponent’s wetwiring system. That’s not what I’m going to talk about in this post though, as there’s not much to talk about there.

What I am going to talk about is the method we’re going to use for longer hacks. For instance, perhaps you need to hack into a corporation to steal blueprints for, say, a large spherical planet-destroying Deathsun…or something. Here a skill check is not really satisfying. Instead, hacking will work like this:

  1. You’ll find a terminal connected to the grid you’re trying to hack. Each grid has a difficulty rating, and it’s essentially impossible for you to hack a grid very far above your skill level.
  2. You’ll leave your physical body behind, taking the form of a virus that’s trying to penetrate into the processor array of the grid, where you can unlock whatever it is it controls. To do this, you need to find the password. Your physical body will be vulnerable while you’re hacking the grid, so in some cases it may be advisable to bring along protection.
  3. The grid has various types of defenses it will deploy against you, from polymorphic antiviruses to firewalls to honeypots and more. Each behaves differently – for instance, the firewall will stop you from propagating in that direction, while polymorphic antiviruses transform into more powerful antiviruses after absorbing enough Ops from you.
  4. Those defenses will try to destroy your virus by attacking its Ops, which is short for GigaOps and represents the capability of your virus. The higher your hacking level, the more Ops you’ll have.
  5. Hacking map example

    Hacking map

    Making this a bit more difficult is the fact that each grid is randomly generated when you enter it, and you don’t have a ‘map’ of it. Only n/e/s/w directions exist, and the map will unfold square by square as you enter new grid circuits (themed name for rooms here).

  6. You have various functions you can deploy against the defenses, like Ping(), Infect(), Overwrite(), Backdoor() and more.
  7. Each of those functions uses up Ops, as does movement via the Propagate() function. Further, your Ops tick down simply by being in the Grid, so there’s time pressure.
  8. The grid defenses will attack you, draining your Ops as well, though you’re able to recover Ops from destroying some types of antiviruses.
  9. Certain types of antivirus defenses will drop one character of the password. When you think you have enough to guess what the password is, you find the processor array, and take a stab at the password. If you’ve waited until you’ve found all the letters in a password, you’re assured of success, but sometimes you may realize that you’re going to run out of Ops if you do that, and so are forced to take a guess based on which letters you have. For instance you may see “GA*GO*LE” and reasonably guess ‘gargoyle.’ We pull the password from a list of somewhere around 40,000 English words, so most players will never encounter the same password twice. Guessing the password incorrectly will cause immediate failure, causing expulsion from that grid and keeping you locked out of it for a period of time. Of course, we’re aware that people will cheat and use scripts to guess words with the least possible letters, but that will be strictly against the rules, and unlike some kinds of scripting, will be a bannable offense where we can catch it.

It can be challenging, but there’s the random factor to deal with in terms of grid generation, what enemies get generated in the grid, and where. All grids aren’t equal, and it’s quite likely that a grid of a particular difficulty rating may be substantially easier or harder than another of the same difficulty rating simply through the vagaries of procedural generation.

In the name of keeping things thematic, you’ll also find that the ‘combat’ you engage in with the antiviruses feels a bit different from other types of conflict.

For instance, as an example. My entered commands are all-caps.

Directory list of 3,1
[106/140 s]


Infect.Result(“antivirus”, 11)
[99/140 *]


[96/140 s]


Load(“Overwrite self-replicating_antivirus”, 300)

[92/140 *]

Overwrite.Result(“antivirus”, 24)
PasswordUpdate(“D”) -> Display($pass) -> DE*****

Perhaps the only thing that you probably can’t puzzle out with a little thinking is what the s and * mean. That’s just whether you have sync or not, which is equivalent to balance.

We’re also going to be putting in at least one other hacking method, but that’ll be post-release.


  1. Neex on April 10, 2017 at 2:16 am

    This already looks awesome. Pretty much how I imagined hacking would be in the end. Hope to hear about more updates soon!

  2. Sanibak on April 11, 2017 at 5:07 am

    Interesting idea, but I think your write up exposes a big flaw in your current design. Specifically this line: “Of course, we’re aware that people will cheat and use scripts to guess words with the least possible letters, but that will be strictly against the rules, and unlike some kinds of scripting, will be a bannable offense where we can catch it.”

    Like it or not, people can and will use anagram engines and other scripted mechanisms to aid them in guessing passwords for in-game rewards. You even said that you are aware people will cheat. Why would you create a game system that is so easy to cheat, and you KNOW people will cheat, just to ban them for it? It makes it sound like you want to ban your players. Some people play for RP and do not care to cheat a system, but your company profits off the powergamers who are willing to buy credits, lessons, artifacts, etc. to gain every advantage they can. Are you really going to ban them if you suspect this form of cheating? That seems like a poor business choice caused by poor game design. If you don’t ban the whales but only enforce this rule on f2p players that is another problem.

    If the rewards are insignificant, so it’s not worth cheating, then players will not bother doing your hacking minigame after they experience it a few times. If the rewards are worthwhile some players will cheat. You cannot stop people from using out of game tools to aid with this password guessing, and it’s pretty low-hanging fruit for what sounds like an otherwise detailed system. I would prefer in-game “hacking” that involves strategy, logic, or some puzzle/mechanic that can’t be cheated with a simple hangman solver online.

    Best of luck with Starmourn. I would like to try a good sci-fi MUD when it’s ready.

    • matt on April 11, 2017 at 5:10 am

      Ultimately, there is no type of MUD gameplay that can’t be scripted. It’s just a reality. I don’t like it, but in a world where computers are better than humans at chess and go, and will soon be better at literally every game that doesn’t involve free-form dialogue (like Diplomacy).

      However, arguing that people shouldn’t be banned for cheating is like arguing that it’s not reasonable to arrest people for breaking into your house because the nature of a door ensures that people are able to break into it.

      • Sanibak on April 11, 2017 at 7:47 am

        Just to clarify, I am not arguing that cheaters should not be punished. Rather, it seems difficult to definitively spot cheaters and remove them in this situation. Maybe the in-game hacking is more difficult than what I am imagining. Perhaps having the password is almost half the battle, and you still have to use the in-game mechanics to battle your way to the “processor array” where you enter the password.

        If that is the case, then a cheater using a computer-assisted word guess does not trivialize the rest of the hacking mini game. If so then that addresses my point. I just think good game mechanics should mitigate the impact such cheating would have on the game instead of hoping that (1) people won’t cheat and (2) you’ll be able to catch and eliminate cheaters. It’s only a major problem if it’s very easy to cheat and difficult to catch people cheating.

        Unlike your analogy of breaking and entering, which is not what I was saying, it seems more like having a game of trivia pursuit online and telling people they can’t google the answers. How do you tell if someone is just very good at trivia versus someone who googles all the answers? It seems even harder to catch a cheater with word guessing unless you are not worried about being 100% sure someone is cheating before banning them.

        • Sairys on April 11, 2017 at 12:28 pm

          Yeah, it’s a little worrying that there’s threats of bans for something that people can be freaky good at and which google brings up multiple webapps that would also provide solutions without any coding requirement. Players will use solvers for things like quest puzzles, so it seems expected it’ll turn up here.

          I guess the only real concern with how it looks is the potential knowledge gap between players.
          Depending on the words in the list it’s pulling from this could be more difficult for some people and simple for others, especially with uk/us differences.

        • matt on April 11, 2017 at 4:32 pm

          Oh, it’s certainly hard to spot cheaters, but it’s not impossible. Catching all cheaters is never the goal (or never a reasonable goal at least) – it’s making people think twice about doing it that matters more.

          Ultimately, like I said, there is no such thing as a mechanic in a MUD that can’t be scripted unless it involves purely free-form dialogue between players, and yet that does not mean it’s not cheating to do so.

          If you’re playing by the rules, you have nothing to worry about.

  3. Khargal on April 12, 2017 at 9:11 pm

    IMHO scripts are used to remove the boring part of gameplay, like typing or bashing. If hacking IS interesting, it won’t be scripted. BTW, what about the oldest metod of hacking aka bruteforce

    • matt on April 12, 2017 at 11:19 pm

      Unfortunately, that’s not really true. People absolutely script to win, regardless of how cheaty it is, and you see it in everything from MUDs to FPs games (think aimbots) to chess to poker, etc.

      • Khargal on April 13, 2017 at 5:57 am

        Main part of Iron Realms MUDs is RP(at least I hope). You can’t script or cheat it.

        P.S. Have you ever considered adding Permadeath characters with corresponding bonuses?

  4. TA on April 20, 2017 at 7:30 pm

    I used to be pissy about there being rules against things without any controls in place, but that’s unrealistic. Also exposes flaws in the players versus rp’ed “characters” which is helpful in a myriad ways, especially with smaller player pops.

    In any event, I like it. Though I’m curious about the depth of real world effects, if any?

  5. Satomi on April 23, 2017 at 1:02 am

    I ‘love’ Cyberpunk (specifically Shadowrun) and this screams Shadowrun. I’d suggest, if you haven’t looked into it already, to have some form of punishment for failing. Ranging from a desync balance knock towards near-death neural meltdown.

    A moment in Dragonfall that stood out to me was when one of the major characters, at the time, basically had her brain melted to ooze after failing to elude a highly dangerous AI program that was guarding the cyberscape she was roaming in.

    At the same time, in various points of the game, whenever defensive program knocked me out of the Matrix I would take some damage (dangerous in that game, though less so in a mud environment depending on how accessible healing is), and have my action points taken away for a few rounds until I recovered from being forcibly ejected.

    That’d make me put more effort into either paying attention to what I’m using as the pass code, because failing too many times could result in death, and typical dictionary-style things just hit the most likely options.

    • TA on April 24, 2017 at 4:07 am

      +1 the new cpg ones Return. Dragonfall, and Hong Kong are a blast.

      +1 for failure penalties, could justify real world effects also.

  6. Malarious on April 24, 2017 at 11:33 pm

    I know this may be late in the game, but have you considered putting 2 words together and scrambling them?

    This makes it notably harder to quick script, but by giving “locked” letters in the solution, you can still make it human solvable. It would always be possible to script anything if you work hard enough, but there is a point it just does not seem to pay off, and the looming threat of bans should dissuade.

    Abstracting the solution in some ways makes it much harder for the script, but still doable for the humans. Can also have higher difficulty words at more difficult puzzles.

    • matt on April 24, 2017 at 11:37 pm

      Not quire sure what you mean by putting 2 words together and scrambling them. If you mean literally taking two words, like “Sapience” and “Victory” together, so that the final form is something like “OAIVIYRSNCTPEE, then I’d have to disagree that that’s a good solution as that looks virtually impossible to guess to me, even with all the letters revealed. I think your only real chance at that would be a script personally. Maybe that’s not what you mean though?

  7. Hailfire on May 12, 2017 at 1:17 pm

    Hey there. This question is irrelavent to the hacking post and I apologise, but I couldn’t find anywhere else to ask it.

    What kind of roleplay environment will Starmourn be? I.e. Will it be roleplay enforced/encouraged? How does Iron Realms define an enforced/encouraged roleplay environement and if it’s enforced, how?

    Thanks ever so much and all the best!

  8. Abby on June 15, 2017 at 8:24 pm

    Wait, so if people use a computer program to beat a computer program in a video game set 1000 years in the future, that’s ‘cheating’? What’s to stop someone from just saying they hit up Cyber-Google or whatever in the commsphere and searched for an anagram generator?

    • matt on June 15, 2017 at 8:26 pm

      Yes, exactly the same as using auto-aiming helpers is cheating in a sci-fi shooter regardless of whether it’s possible that there are cybernetics someone could trivially access to make them incredible at aiming.

Leave a Comment