Adventure - Escape the (networked) dungeon

[cryptomancer-actual]

Hi all!

I decided to get marching on this idea that @chadsansing put in the repo homepage:

"Wake up in a strange fortress full of Shardnet-connected devices that want to keep them trapped inside. Can they solve each device’s puzzle to escape their prison? Can they discover the impostor among them working against the group? Can they figure out how they got trapped behind the fortress walls?"

From a project management standpoint, here are some tasks we'd need to execute on:

-Design a map of the dungeon, or a conceptual layout of the dungeon that can easily be described by the person running the adventure.

-Design the backstory of why the players are in this dungeon, and potentially keep it generic as possible so it can fit into custom campaigns.

-Design the physical security controls of the place (the cells, the locks, the death-traps, the alarm bells, the guards, the monsters, the architecture, and the guard's response plans, etc.).

-Design some evocative scenery, environments, and objects to be included in the adventure, so the players can really feel immersed in the fictional game world.

-Design the communication Shardnet(s) used by the keepers of the dungeon to facilitate communication between guards. Make sure that some parts of it are designed vulnerable, so players can have fun and learn about good/bad security practices (like not encrypting private communications).

-Design the layout and Shardnet architecture of connected devices (e.g. remotely controlled doors, gates, traps, scrying "cameras," etc.). Like above, make sure that some parts of it are designed vulnerable, so players can have fun and learn about good/bad security practices (like allowing physical access to sensitive systems).

I figure the design process will be iterative, so we'll keep working on separate pieces and then discussing among the group, until the adventure gels into something we're all proud of.

So, who would like to jump in and take on any of these tasks?

Lastly, please be sure to view the README and the Code of Conduct if you haven't already. All contributed content should be suitable for all ages, all peoples, and all backgrounds.

[cryptomancer-actual]

As a useful resource, Cryptomancer has a chapter called "Mundane Security" which is all about physical security, not cybersecurity (though there is always a lot of overlap). The chapter begins on page 302 of the PDF, with the most important section "The Dungeon is a System" on pages 306-308. See Issue #11 if you need your free copy of the game!

[Masterwolf2050]

I can help with the dungeon fi you need it

[cryptomancer-actual]

@Masterwolf2050 Totally... any of the above tasks you are interested in working on?

[BakuDreamer]

I'm more about the fictional elements and back-story than anything else. This ' dungeon ' is very similar to where I was going with this in the first place. However, I didn't have the PCs just mysteriously waking up there. They were accidentally summoned / gated in by a cell of a faction that wants to resurrect the Angel of Death who's trapped in a sepulcher the moon.

They're all dead now and the gate is broken. They didn't know how the place they're in works either, they only got as far as the room where the summoning grid was. { It resembles the Constanța Casino in Romania, if that was built flush along the top of a 20.000 tall mountain peak ] The software-Djinn that was operating the gate is still there. It performed some emergency procedures and has some helpful things to say, but it's never been out of the room they're in. ( And so on ... )

[Masterwolf2050]

    I can do top down maps

    Get Outlook for iOS

On Tue, May 16, 2017 at 9:14 AM -0500, "Brendan" notifications@github.com wrote:

I'm more about the fictional elements and back-story than anything else. This ' dungeon ' is very similar to where I was going with this in the first place. However, I didn't have the PCs just mysteriously waking up there. They were accidentally summoned / gated in by a cell of a faction that wants to resurrect the Angel of Death who's trapped in a sepulcher the moon.

They're all dead now and the gate is broken. They didn't know how the place they're in works either, they only got as far as the room where the summoning grid was. { It resembles the Constanța Casino in Romania, if that was built flush along the top of a 20.000 tall mountain peak ] The software-Djinn that was operating the gate is still there. It performed some emergency procedures and has some helpful things to say, but it's never been out of the room they're in. ( And so on ... )

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[cryptomancer-actual]

@Masterwolf2050 That would be awesome! Do you want to just run with it, or discuss what kind of rooms / environments we'd need? Either way works.

@BakuDreamer I'm thinking that might be a little too much backstory and maybe a little too "mind-bendy" for an introductory/teaching module. However, I do like the inspirational architecture images, and I think it is a great idea to have some kind of helpful spirit floating around around the shardnet as a way for the game master to provide clues to the party if they get stuff. Perhaps the spirit uses true name cryptography to communicate with them, so the admins of the dungeon can't see their communications.

[BakuDreamer]

The PC would successively meet three helpful characters. First the Djiin-like entity ( a sandestin, if you're familiar with Jack Vance ) that was operating the gate. { I had it that so that it performed an emergency procedure and is actually grafted to the PCs now saving them and itself but destroying the gate }

[ They way I was starting with this is the PCs are - not from - the Cryptomancer world and have zero idea about what's going on. The sandestin starts explaining it to them about truenames and soulkeys. ( This is also how that thing about some of the PCs having two truenames and no soulkey came up, but, that's not relevant here )

They have to get across a bridge from where the gate is to the main structure on the mountain. The gateway chamber is on a spire separate from the rest of the mountain. Getting the bridge to operate is the first task.

Sort of like this : except they're at about 15,000 and it's freezing cold and hard to breath outside

​ ​

Once they're across, they'll find a room with big shard-node and they can get on the shardnet. Getting it turned on and using it is the next task. When they do that they'll wind up talking to a behir ( Remember the behir from S4 ? This is one that talks ) He was ( or says he was ) an adversary of the faction that messed up the summoning and brought the PCs there. He explains where they are ( it's like an airport lobby for magicians and magical creatures ) and what they need to do is get the elevator to work and get down to the vault level. ( He will probably become the PCs handler eventually. They might not find out he's a multi-legged dragon-like creature until later on someday ) < He's a cryptoadmin >

[image: Inline image 1]

{ This was sort of the general concept I was developing }

On Thu, May 18, 2017 at 4:53 PM, cryptomancer-actual < notifications@github.com> wrote:

@Masterwolf2050 https://github.com/masterwolf2050 That would be awesome! Do you want to just run with it, or discuss what kind of rooms / environments we'd need? Either way works.

@BakuDreamer https://github.com/bakudreamer I'm thinking that might be a little too much backstory and maybe a little too "mind-bendy" for an introductory/teaching module. However, I do like the inspirational architecture images, and I think it is a great idea to have some kind of helpful spirit floating around around the shardnet as a way for the game master to provide clues to the party if they get stuff. Perhaps the spirit uses true name cryptography to communicate with them, so the admins of the dungeon can't see their communications.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MozillaFoundation/mpa-cryptomancer-challenge/issues/12#issuecomment-302572034, or mute the thread https://github.com/notifications/unsubscribe-auth/AakbReXPHInjF_Fa9MI7KG8F5vYw4kHwks5r7NnrgaJpZM4NYipq .

[chadsansing]

@BakuDreamer, I love the idea of 3 helpful gatekeepers. Very archetypical and ready to be turned sideways by Cryptomancer.

Echoing @cryptomancer-actual, I'd really encourage everyone to keep in mind how Cryptomancer does a great job teaching players about infosec. The game routinely mixies world-building text with text that addresses the reader directly and explains connections between real-world infosec skills and fantasy representation of them in the game.

As we develop adventures, we should definitely take time to make sure we unpack, explain, and illustrate the real-world skills we want players to "see" and pick up from playing. That is the big point of the project.

I'll drop a reminder in an issue next week and again right before the sprint.

[BakuDreamer]

Setting up the conversation with Izarth the behir would be the first ' true auth ' example and demonstration maybe, and possibly use the ' secret color ' analogy. The sandestin don't have true names they have true colors. Homberg, the sandestin, agrees to use his color name to set up a connection.

​ ​

So they agree on a shared color with Izarth, who has a secret color too. ( It's not his, he won it in a card game, and it's only useable once )

They mix in each of their colors to the shared colors and exchange them.

On Fri, May 19, 2017 at 3:11 AM, Chad Sansing notifications@github.com wrote:

@BakuDreamer https://github.com/bakudreamer, I love the idea of 3 helpful gatekeepers. Very archetypical and ready to be turned sideways by Cryptomancer.

Echoing @cryptomancer-actual https://github.com/cryptomancer-actual, I'd really encourage everyone to keep in mind how Cryptomancer does a great job of mixing world-building text with text that addresses the reader directly and explains the connections between real-world infosec skills and the fantasy representation of them in the game.

As we develop adventures, we should definitely take time to make sure we unpack, explain, and illustrate the real-world skills we want players to "see" and pick up from playing. That is the big point of the project.

I'll drop a reminder in an issue next week and again right before the sprint.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MozillaFoundation/mpa-cryptomancer-challenge/issues/12#issuecomment-302664553, or mute the thread https://github.com/notifications/unsubscribe-auth/AakbRRBnqyTt1f-U7_CxX8A2QGwdvjIpks5r7Wq3gaJpZM4NYipq .

[cryptomancer-actual]

Thanks @chadsansing !

I guess I'd like to take a second to explicitly establish the learning/teaching goals of this adventure:

• Create a fun play environment that encourages players to really explore the "connected" aspects of a dungeon and leverage Cryptomancer's "hacking" spells to fun effect.

• Educate players on the risks and rewards of IoT devices (e.g. a door that can be open/shut remotely is very useful, but how might it be abused by malicious actors if it's keyphrase is not properly secure?).

That said, for this adventure, I'm pretty adamant about sticking to very generic fantasy tropes so that no time is wasted introducing new mythologies or other story components that would distract from the adventure's intent.

@Masterwolf2050 Later today, I am going to spend some time thinking about what kinds of rooms or environments might be fun to include, which may or may not be helpful to your design. Just curious, do you draw maps by hand or use a tool?

[BakuDreamer]

​Use the creative commons ' Blue Keep ' maybe ?

​

On Fri, May 19, 2017 at 7:42 AM, cryptomancer-actual < notifications@github.com> wrote:

Thanks @chadsansing https://github.com/chadsansing !

I guess I'd like to take a second to explicitly establish the learning/teaching goals of this adventure:

-

Create a fun play environment that encourages players to really explore the "connected" aspects of a dungeon and leverage Cryptomancer's "hacking" spells to fun effect.

Educate players on the risks and rewards of IoT devices (e.g. a door that can be open/shut remotely is very useful, but how might it be abused by malicious actors if it's keyphrase is not properly secure?).

That said, for this adventure, I'm pretty adamant about sticking to very generic fantasy tropes so that no time is wasted introducing new mythologies or other story components that would distract from the adventure's intent.

@Masterwolf2050 https://github.com/masterwolf2050 Later today, I am going to spend some time thinking about what kinds of rooms or environments might be fun to include, which may or may not be helpful to your design. Just curious, do you draw maps by hand or use a tool?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MozillaFoundation/mpa-cryptomancer-challenge/issues/12#issuecomment-302721803, or mute the thread https://github.com/notifications/unsubscribe-auth/AakbRXXBe_25h-T7Sm4tGCd2-4iq3wIqks5r7apxgaJpZM4NYipq .

[chadsansing]

@BakuDreamer - definitely stick with as many open-licensed assets as you can or ask for help making new assets for your adventure using an issue labeled 'help wanted.'

I think our users and learners will be most interested in what they can experience and learn and use in real life, as well as within the game, so we might prioritize the mechanics and puzzles and encounters we'll use before finalizing setting details.

[BakuDreamer]

Anti-gigaphid night-time air-raid tower

[cryptomancer-actual]

@BakuDreamer LOL, amazing.

Semi-related, I was thinking about the cryptovault in this dungeon. It's locked up tight, but if the cryptoadmin gets in trouble (perhaps someone shard-warps in), there is an alarm bell he/she pulls, which notifies the entire compound that the cryptovault is under siege and causes many/most of the guards to swarm to the vault. Of course, like any control, this can be used against them.

[BakuDreamer]

Could be a set-up for the ' Patented Coleville Screw ', if you're familiar with Matt Colevill's youtube series.

Shard warping ... as far as I understand it would fall under indecent exposure / lewd conduct statutes if there are any. If they're aren't any standing attire-laws you could be charged under a Vagrancy Act that most places have for doing that.

However, what the Admin might have is a shard-warp eject button for an emergency, that warps him out of there. If the vault is getting breeched he might have a one-use spell charge on a scroll or in a ring - or it might be an installed unit of a standard type.

[image: Inline image 1]

On Sat, May 20, 2017 at 2:11 PM, cryptomancer-actual < notifications@github.com> wrote:

@BakuDreamer https://github.com/bakudreamer LOL, amazing.

Semi-related, I was thinking about the cryptovault in this dungeon. It's locked up tight, but if the cryptoadmin gets in trouble (perhaps someone shard-warps in), there is an alarm bell he/she pulls, which notifies the entire compound that the cryptovault is under siege and causes many/most of the guards to swarm to the vault. Of course, like any control, this can be used against them.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MozillaFoundation/mpa-cryptomancer-challenge/issues/12#issuecomment-302899090, or mute the thread https://github.com/notifications/unsubscribe-auth/AakbRUKQV56z5ZzmUN5XC4XxTEJbvE-bks5r71cEgaJpZM4NYipq .

[cryptomancer-actual]

@BakuDreamer Yes, the game mechanics say that all a character's equipment gets left behind if they shardwarp. It was put in the game for balance purposes. "Eject button" is a good design feature.

Anyways, Notes on Shardnets:

There will be a cryptovault with a golem and maybe 1-2 cryptoadmins.

There will be a shardnet for the guards ("Guard-net?). Each of the dungeon guards will have one of these so they can communicate with each other. The cryptovault also contains a single shard from this shardnet so he/she can serve as dispatch and coordinate the guard's actions.

There will be a shardnet for surveillance ("Scryer-Net"). These shards are in hard to reach places scattered throughout the dungeon, along with one in the cryptovault. The function of this shardnet is serve as a closed-circuit surveillance camera network to monitor the dungeon.

Lastly, there will be be a shardnet to command crypto-gear machines ("Gear-Net"), such as cell doors, security doors, the doors that cage scary monsters ("release the troll!"), a railroad switching system (potentially used to facilitate an escape), as well as activate/deactivate other machines we invent (like the aforementioned anti-air bug-zapper).

All of these shardnets will be used by the guards, cryptoadmin, and golem, but of course, the players will be able to access them to if they are able to get a hold of shards. And that's where things will get really exciting.

So, one task will be to document how the cryptoadmins, golem, and guards use these networks. If they are practicing good security, they would segregate these networks and use good encryption and keyphrase management practices. However, because this is a fun learning adventure, I am hoping to help design really bad security practices... guards using clear-text, cryptoadmin not monitoring traffic, and bridging networks (so players can potentially sniff communications and keyphrases from the Scryer-Net, etc.).

[Masterwolf2050]

@cryptomancer-actual if you want to send the ideas my way I can have a look over them and see what I can do with it. as for what i use for map design, I use Arcane Mapper

[cryptomancer-actual]

@Masterwolf2050 Do you know if you can use assets created with Arcane Mapper in a published product? Like, have you reviewed the end user license to see if that's OK? I want to make sure we wouldn't be sued if we published your maps (or the graphic assets in the product) in a free product.

[Masterwolf2050]

I can look into that

[Masterwolf2050]

I also would have to make my own assets to fit the game feel seeing that it lacks a proper tile set

[cryptomancer-actual]

Cool. Simple black and white would probably be best, because then it's easily printable, and consistent with the retro black and white feel of the text.

[Masterwolf2050]

cool

[BakuDreamer]

If the dungeon wasn't actually built by dwarves themselves, it'll still use Dwarven and Intersphere Standards. ( DSI / ISO )

Identifying whatever standard was used when the place was built to would be a clue to start with. On the shardnet you might be able to find the bluelines / whiteprints, permits, titles, elevation drawings, the drainage plan, site survey, landscaping, etc.

The CCSS ( Closed Circut Shard Scrying ) network installations might resemble 'Operay' surgical lamps from the 1920s. The shard is in the center sphere surrounded by adjustable mirrors.

[chadsansing]

@BakuDreamer - that Dwarven standards bit is funny.

As you visualize the other pieces, be sure to work towards the simplest model that can still convey the privacy & security concepts you want to teach in your adventure. If you include the names of very specific items, take time to break the 4th wall and explain your connections clearly for new players and players new to online privacy & security concepts.

[cryptomancer-actual]

Some rooms/environments the dungeon would need:

• Cell blocks and cells: for all the prisoners. This would be the starting point for the adventure. The first challenge would be escaping from the cells. I wonder if the party should all start in one cell, or they are in different cells. (I like idea of different cells, and they they don't know each other to begin with).

-Living quarters, etc: Because the dungeon is staffed by people, it probably contains a barracks where guards sleep, a kitchen/larder for food (and gruel) prep, and some bathrooms.

-Functional rooms: The dungeon probably has a loading dock or two, where wagons can pull up and drop off food, supplies, fuel, weapons, as well as new prisoners and new guards. It might have a "landing pad" for a gigaphid rider making an important delivering (like a crypto-signed pardon or stay-of-execution from the local governor).

-Watch towers, control rooms: The dungeon probably contains a few places where guards can observe what goes on and react when they see bad things. There might be towers along the dungeon's exterior walls, looking in on a courtyard (where prisoners get some daylight) and looking out of the wilderness outside the dungeon. There might be rooms inside the dungeon that function like check points or man traps, to ensure that any prisoners or tresspassers have to go through them if they are wondering around the dungeon.

• Cryptovault: this is the data center where the cryptoadmins and golems live. See pg 267 in the book to get an idea of how big a golem is. The room is a very large vault-like room. The golem itself needs a source of power, which means it could either be attached to a windmill that's high above the dungeon, a water wheel that is dipping into an underground lake below the dungeon, or it is steam powered (and the dungeon uses prisoners to mine for coal).

-Corridors and mazes: any big complex is gonna' have a series of hallways, tunnels, and mazes to reach various places. Just like other places in the dungeon, there would be scrying shards placed in strategic locations (e.g. a crossroads in the dungeon) to monitor what is happening.

-Machine rooms: if there are large machines involved in maintaining or securing this dungeon (e.g. giant bug zappers, steam engines, etc.), there need to be rooms that permit engineers to access and work on these machines and perhaps refuel them.

[cryptomancer-actual]

Ideas for Scene 1, escape from the dungeon cells:

Assumptions:

Players are in separate cells, but close enough together where they can whisper to each other.

There is at least one guard that periodically walks down the cell block, to listen in on prisoners who might be conspiring or trying to escape. The guard is part of the "guardnet," so will not engage alone, but instead call backup.

Each cell is locked from the outside, meaning that any player attempting to pick the lock would be doing so blind by reaching through the bars and picking backwards (a tough lockpick task). Of course, this assumes they've found something to use as a pick and torsion wrench. There might be enough debris lying around in the cells where the group could cobble pieces together and then pass them to the group's best lockpicker by throwing them towards each others cells, reaching for them, etc. Obviously, they don't want the guard to see any of this.

There is a scrying shard fixed to the wall outside the cell, but a very agile prisoner could be able to reach through their cell door and touch it (a tough escape artist task), view any recent traffic on it, and use any shardbased spells they have. There might be interesting echoes on the scryer net: 1) perhaps one guard accidentally tried to use the keyphrase to open a cryptolocked door on the scryer net, so there is a useful keyphrase which might come in handy. 2) perhaps a guard and cryptoadmin were using the scryer net to communicate when they were installing a new shard ("move it to the left, I can't see anything from there"). In this conversation, they reveal secret or diagnostic information about the dungeon.

Teaching or learning angles: 1) players should be encouraged to be very aware of who might be listening to them and begin to establish shared keyphrases that they will be able to use throughout the adventure (assuming they get access to shards / shardnets). They need to understand that if the guard hears their keyphrase, that is problematic. 2) physical access to a network (shardnet) is risky, especially if you don't encrypt. Because the guards assumed that no prisoner would gain access to this network, they had sensitive conversations on it and did not encrypt their traffic.

[cryptomancer-actual]

Guards and the Guardnet

Guards carry their shards like a pocket watch. It is attached to a small chain that tethered to their belt/armor. Swiping or pickpocketing a guard's shard without them noticing is a challenging sleight of hand task.

Guards freely talk in clear-text on the Guardnet, despite the cryptoadmin frequently scolding them about the importance of using cryptomancy. Because cryptomancy requires extra work (a guard has to raise a hand to a shard and think a keyphrase), most of them don't bother. There is a shared keyphrase they are all supposed to use for normal communications ("willows whisper weekly*), and a fallback keyphrase to use if the first keyphrase gets compromised ("crickets croon constantly"). Generally, however, none of the guards use crypto unless 1) there is a suspected compromise of the shardnet (i.e. a guard lost his shard to a prisoner), or 2) they get an official visit from an inspector (who is probably a Risk Eater).

Here are five techniques the players can use to compromise the keyphrases the guard's use for cryptomancy:

1) Pretend to be a guard who forgot the keyphrase, and ask for it ("hey guys, I'm new, what's our keyphrase again?"). This is probably a tough deception task. A fellow guard will probably respond with the answer, and the cryptoadmin will scold them.

2) Coerce a captured guard to provide the keyphrase.

3) Cast "mind read" on a captured guard to harvest keyphrases from his memories.

4) Shardscry into the Cryptovault and notice that the cryptoadmin has a page open in his registry tome that says "This week's keyphrases are..."

5) Crack the keyphrases by bridging the Guardnet with another shardnet that Code Clerics have access to. This would take some doing, and i'll probably discuss this option later.

All this means that if a player gains access to the Guardnet, they can 1) listen in on all guard conversations happening in cleartext, 2) pretend to be a guard and communicate to other guards or the cryptoadmins. If the players gain access to keyphrases, they can continue to do the same even when the Guardnet participants start encrypting their communication.

[cryptomancer-actual]

Crypto-gear idea for the dungeon: Internet-of-things Troll (aka IoTroll).

The IoTroll is a large, scary, dangerous monster that has a crypto-gear magically installed in the back of it's head. It is controlled remotely by a cryptoadmin who can cycle through the trolls behavior routines by issuing a keyphrase. The troll has 3 modes:

A) Passive, helpful builder (Troll will follow simple commands to lift heavy things, breakstuff, etc.) B) Passive, sleepy giant (Troll goes to sleep). C) Aggressive, destroyer (Troll reverts to its natural state of smashing and eating everyone and everything).

The crypto-gear uses sequential logic, which means that when the keyphrase is issued, the troll's mood goes from A to B, then B to C, then C to B, then B to A, then A to B, etc.

The troll is not chained or caged. It wanders around the dungeon helping guards with their construction and fortification projects, or helping with mining operations, etc. Unless it's taking a nap somewhere. It's so big that it can't fit in the smaller corridors of the dungeon, so it mostly hangs out in the court yard, or big vaulted rooms in the dungeon complex.

The cryptoadmin, who is watching the dungeon through the scryer network, will strategically turn the troll aggressive to deal with intruders. However, the troll doesn't know friend from foe, so the cryptoadmin will usually notify the guards stay away before he/she switches the trolls behavior.

Players who gain access to the command shard can also control the troll. Because the cryptoadmin is using bridging the IoTroll and Scryernet when issuing commands (so he can watch the troll's activities), this means that clever players can use this opportunity to command the IoTroll from the Scryer net (because the echoes on the Scryer net will traverse into the Gear-net).

Of course, the players need to learn the keyphrase for the IoTroll (the cryptoadmin will never use cleartext because cryptogear commands don't work unless they are encrypted).

[cryptomancer-actual]

Escape plans:

It should probably be stated at the beginning of the adventure that the players must not only escape the dungeon, but they need to find a way to call for help, because it is in a remote and dangerous location. To do so, players must first find a way to reach out to their allies. Here are the ways they can do this:

-Golems are built around Shardscape shards. The Shardscape is the public internet. The golem does carry a shard from each Shardnet in the dungeon (guardnet, scryernet, gearnet), which means that someone could theoretically instruct the Golem to send a message out to the public Internet asking for help. However, only someone who knows the golem's true name can tell it to pass a message to the outside world. For now, we'll say the Golem's true name is "CypherSquid" for now.

-If players are able to make contact, their allies will say they will send in an extraction team on gigaphids (giant flying insect mounts, page 259, "A giant insect capable of not only leaping great distances and scaling sheer surfaces while mounted, but also capable of maintaining flight for nearly an hour at a time."). However, they tell the players that they must first deactivate the giant magical bug zappers before the gigaphids can safely land.

-If a player provides their True Name to outside help, the outside help will use the Messenger spell to deliver a shard to that player via a tiny rodent. The Shard will be from the Code Clerics. (page 296).. the Code Clerics can then crack any symmetric keyphrase used on any shardnet in the dungeon. They players simply touch a shard from one of the shardnets (guardnet, gearnet, scryernet) while touching the Code Cleric shard. The Clerics will then be able to decrypt any new communication that happens while these two shardnets are "bridged."

[ksedivyhaley]

Initial thoughts on the adventure structure.

Background: The easiest option here is to say that the players are members of the resistance, and that they will be contacting their allies within the resistance for their ride out (I'm pretty sure I saw something about a resistance being part of the setting?). However, if the intent is to allow GMs to insert the adventure into different campaigns, it probably makes sense to provide several suggested backstories - with each backstory providing a set of allies willing to help with the escape.

The three gatekeepers (helpful NPCs) idea - does it make sense to have one of the gatekeepers be a member of the resistance (or other potentially friendly organization) who is locked up with them? In that case no matter what the player backstories you've got a clear set of allies for the immediate rescue, and the players could either be recruited at the end of the session or go their own ways but with the organization left as a potential ally/plot hook for later.

Once you contact the outside allies they could also serve as a gatekeeper if the party is able to establish continued contact in order to ask questions or receive suggestions (and providing the True Name would do this?).

Escape: Rule of thumb you want at least three ways for the party to accomplish any critical task - and I'd suggest more for an adventure geared towards newbies. I'm noticing a lot of ways for them to get access to keyphrases, which is good, but there are a couple of essential tasks without enough developed options: getting out of the cells, contacting allies, and disabling the bug zappers.

1) Get out of the cells. Can be accomplished by lockpicking as you suggested. You've also mentioned an escape artist task to access the shardnet - would they potentially be able to open the cells using that connection either by accessing cell controls or tricking a guard? Another angle would be to go with the "steam powered golem" with prisoners as miners to get them out of the cells. They of course would be well guarded and probably physically restrained in some way, but it would provide new opportunities to break bonds or distract and attack guards (ideally before they are able to raise a warning through the guardnet).

2) Contact allies. We either need three ways to learn the golem's true name or alternative ways to get onto the shardscape. The same methods for learning keyphrases might do - though I'd like to include at least one other access point to the shardscape in case accessing the golem is difficult for other reasons. Could the cryptoadmin have access?

3) Disable bug zappers. I'm thinking remote deactivation, physical sabotage, or some sort of social angle by which they deceive or coerce a guard or other security member into lowering the zapper.

[BakuDreamer]

Could you modify a shard from a private shard-net to be a generic Shardnet shard ? ( Change how it's cut and get an outside line ? )

​

On Thu, Jun 1, 2017 at 1:24 PM, ksedivyhaley notifications@github.com wrote:

Initial thoughts on the adventure structure.

Background: The easiest option here is to say that the players are members of the resistance, and that they will be contacting their allies within the resistance for their ride out (I'm pretty sure I saw something about a resistance being part of the setting?). However, if the intent is to allow GMs to insert the adventure into different campaigns, it probably makes sense to provide several suggested backstories - with each backstory providing a set of allies willing to help with the escape.

The three gatekeepers (helpful NPCs) idea - does it make sense to have one of the gatekeepers be a member of the resistance (or other potentially friendly organization) who is locked up with them? In that case no matter what the player backstories you've got a clear set of allies for the immediate rescue, and the players could either be recruited at the end of the session or go their own ways but with the organization left as a potential ally/plot hook for later.

Once you contact the outside allies they could also serve as a gatekeeper if the party is able to establish continued contact in order to ask questions or receive suggestions (and providing the True Name would do this?).

Escape: Rule of thumb you want at least three ways for the party to accomplish any critical task - and I'd suggest more for an adventure geared towards newbies. I'm noticing a lot of ways for them to get access to keyphrases, which is good, but there are a couple of essential tasks without enough developed options: getting out of the cells, contacting allies, and disabling the bug zappers.

1.

Get out of the cells. Can be accomplished by lockpicking as you suggested. You've also mentioned an escape artist task to access the shardnet - would they potentially be able to open the cells using that connection either by accessing cell controls or tricking a guard? Another angle would be to go with the "steam powered golem" with prisoners as miners to get them out of the cells. They of course would be well guarded and probably physically restrained in some way, but it would provide new opportunities to break bonds or distract and attack guards (ideally before they are able to raise a warning through the guardnet). 2.

Contact allies. We either need three ways to learn the golem's true name or alternative ways to get onto the shardscape. The same methods for learning keyphrases might do - though I'd like to include at least one other access point to the shardscape in case accessing the golem is difficult for other reasons. Could the cryptoadmin have access? 3.

Disable bug zappers. I'm thinking remote deactivation, physical sabotage, or some sort of social angle by which they deceive or coerce a guard or other security member into lowering the zapper.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MozillaFoundation/mpa-cryptomancer-challenge/issues/12#issuecomment-305609800, or mute the thread https://github.com/notifications/unsubscribe-auth/AakbRY_neulci7TvHx5me_mwe0yEm1c6ks5r_x3rgaJpZM4NYipq .

[cryptomancer-actual]

@ksedivyhaley This is good stuff. For any of your points 1-3, would you be interested in expanding any of them? So for example, with the bug zapper aspect, could you maybe describe the A) remote access, B) sabotage, or C) social engineering aspect a bit more? Maybe offer methods/advice, or explain how a game master would explain or frame these solutions for the players?

@BakuDreamer This actually brings up a fantastic idea I hadn't thought of before. So according to the game, if you break a shard into smaller shards, those new pieces become their own (networked) shardnet and are seperated from the previous shardnet they belonged too. Of course, shards lose all connectivity once they become smaller than chicken eggs, give or take. Anyway, here's the idea... players steal a big scrying shard that's in a hallway, and one of them expertly cuts it (maybe the pregen gem-splitter that @KadeMorton created). Not only does this sever that shards connecting to the scryer-net, but now the party has their own private shardnet! WOOT

[BakuDreamer]

That's what I was thinking, I'd get the dwarf-girl who's got the shard-cutting talent knap-off a new shard.

About golem true names : Golem true names ( let's say ) will always be weak true names as they'll always have some partially-known information. Being that a golems name always follows a pattern " Golem # ( name ) " or " ( name ) the Golem " The term 'Golem', a golem number, and such, is always in there. It has to follow that naming convention say, and that makes it weaker.

< And, golems maybe should not have ' real ' soul-keys like people do. They'd be emulations of the soul-keys that people have. ( The same length and have the same characteristics but they're pseudo-soulkeys, and inherently weaker )

​

On Thu, Jun 1, 2017 at 1:43 PM, cryptomancer-actual < notifications@github.com> wrote:

@ksedivyhaley https://github.com/ksedivyhaley This is good stuff. For any of your points 1-3, would you be interested in expanding any of them? So for example, with the bug zapper aspect, could you maybe describe the A) remote access, B) sabotage, or C) social engineering aspect a bit more? Maybe offer methods/advice, or explain how a game master would explain or frame these solutions for the players?

@BakuDreamer https://github.com/bakudreamer This actually brings up a fantastic idea I hadn't thought of before. So according to the game, if you break a shard into smaller shards, those new pieces become their own (networked) shardnet and are seperated from the previous shardnet they belonged too. Of course, shards lose all connectivity once they become smaller than chicken eggs, give or take. Anyway, here's the idea... players steal a big scrying shard that's in a hallway, and one of them expertly cuts it (maybe the pregen gem-splitter that @KadeMorton https://github.com/kademorton created). Not only does this sever that shards connecting to the scryer-net, but now the party has their own private shardnet! WOOT

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MozillaFoundation/mpa-cryptomancer-challenge/issues/12#issuecomment-305614606, or mute the thread https://github.com/notifications/unsubscribe-auth/AakbRQSd10RAp2iYXkP99W9IUcurhY7xks5r_yJ1gaJpZM4NYipq .

[ksedivyhaley]

Private shardnet sounds like a great plan.

Okay, I skimmed the "mundane security" section of the game so I'll give expanding on things a try but may need revision from someone with a better idea of the "teaching security" aspects.

Cells

1. Lockpick as you described - a tough task for the lock picker that also relies on the rest of the group making some sort of assist with scrounge checks to find debris and stealth/deception checks to keep the guards from figuring out what they're doing.

2. Shard access. Once a prisoner makes the escape artist check to touch the shard, they could overhear a keyphrase to unlock their doors directly if you wanted to make it simple. If they've got sending capabilities on the shard they could fake an order to move prisoners (moderate to tough deception task) which would then give them the opportunity to overpower the guards moving them and run (you'd want to give them access to some sort of improvised weapon like manacles or a discarded tool, or the opportunity to sleight of hand a weapon off a guard in case the party doesn't have someone with unarmed combat skill). If they don't have sending capability on a scrying shard, they could alternatively get it by pickpocketing one off a guard (a challenging sleight of hand task).

3. Coal mining break. Prisoners would be restrained with leg-fetters and provided with mining tools which they can use to their advantage by breaking the fetters and/or attacking the guards. If they don't immediately incapacitate the guards then the alarm is raised and backup called in - they could still escape the area, but everyone will be on high alert and the guardnet might immediately switch to encryption rather than cleartext. Tunnels and a mine cart or two add options for moving to other parts of the prison either covertly or in a fast-paced chase scene. A keyphrase-controlled door would provide an easier escape route if the party is able to listen in to a conversation using some kind of shard access.

If the party gets caught then they can't retry the specific thing they got caught at (eg debris gets cleaned up, guards secure their guardnet shards), they are physically punished (causing HP damage?) and the guards put them under closer scrutiny making further attempts to escape more difficult (though not impossible since we don't want the adventure to end that easily).

If the party is sneaky and escapes without raising a general alarm then patrols should still notice the missing prisoners eventually - probably something in the range of 10 minutes to an hour depending on how careful the party is. Might be good to make some kind of chart with modifiers indicating how long it takes for the dungeon to catch on...

I'd also suggest giving the party opportunity to filch equipment at some point shortly after getting out of the cells, whether it's an unsecured storeroom with some basic tools, a room secured by a keyphrase they can get access to (which would have better gear and weapons) or looting off guards.

Contacting Allies

1. Brute Force the Golem? If I understand @BakuDreamer correctly, then the inherent "weakness" of golem true names would make this a feasible option for cracking the golem.

2. Get the Name from the Cryptoadmin. This person should be too smart to divulge sensitive information over the net, but could still be coerced or mind-read. And they might not be too smart to leave it written down (though as this is an important bit of info I'd put it in a drawer or on their person rather than just leaving it out in the open - it would require searching or pickpocketing).

3. Communications console. A (relatively) secure office has a line to the public net. The door is locked (requiring lifting a key from a guard or a lockpicking check which might be of only moderate difficulty if the party has scrounged proper tools by now). There are semi-regular patrols through the area, so if the party doesn't have a way to track patrols and doesn't have a key there's a chance they'll get caught picking the lock. There's also a scrying shard inside the station, so once they're in the party will need to act fast and get out quickly.

Bug Zappers

1. Remote Deactivation. Either in the cryptovault or in the station described in "Contacting Allies #3" there is also a connection to the gear-net with the ability to deactivate the bug zapper. A specific key-phrase is required to do so, which the party could access using the previously described methods for learning key-phrases.

2. Physical sabotage. The mechanism controlling the bug zapper is located near the outskirts of the main dungeon. It's protected by a physical lock and at least one physical trap - let's say a pit trap that secures intruders and sounds an alarm - and getting there requires the party to pass through an exposed area (a stealth task which would be made much easier by listening in to patrols or staging a distraction). If they get to the location without being spotted, though, the party is under somewhat less time pressure because the patrols don't check here as often. Once they've reached the mechanism, they could smash it - raising an alarm and bringing the guards on their heels as they race for the pickup point - or attempt to deactivate it in a way that won't be noticed until the next patrol comes (a traps task?).

3. Access via the guards. I'm thinking some form of authentication over the guard-net might be an interesting way to handle it - that would give an option to either directly manipulate the guards (informing them that there are incoming friendlies might be an interesting option) or pick up their authentication data via bad security practices (eg some guard has used a loved one's name as their password - and has a letter from said loved one on their person). Question - do you want a "two man rule" here, requiring the party to deceive or coerce two separate guards, or do you want to illustrate bad security by distinctly not having a two key control?

[cryptomancer-actual]

@ksedivyhaley This is really great and is exactly the sort of heavy lifting we need to build fun adventures! Don't sweat the learning/teaching component or trying to be super consistent with the game's rules/cannon. We'll be sure to edit and emphasize all those elements when curating the final product.

[tromand]

@BakuDreamer I love the idea of breaking shards to have "hand made" private shardnet in the dungeon !

We can make a "lesson learned" on the misappropriation of com. tech. in the real world (like bad guys using MMORPG chat to plot, or money laundering using online poker games etc.) .

[BakuDreamer]

And so the shard-size question. The smallest a useable shard can be ( currently ) is about the size of an egg. ( ? ) Is there a theoretical limit ? The smallest cut diamond was created around 2010. That's a standard 57 facet ' brilliant ' cut diamond.

​ So that rules out the ' implanted shards ? ' or ' shard-in-a-tooth ' questions. ( Barring further advances in shard-cutting tech )

{ was thinking of something like this with a shard }

​ ​

On Fri, Jun 2, 2017 at 2:16 AM, Romand Tiphaine notifications@github.com wrote:

@BakuDreamer https://github.com/bakudreamer I love the idea of breaking shards to have "hand made" private shardnet in the dungeon !

We can make a "lesson learned" on the misappropriation of com. tech. in the real world (like bad guys using MMORPG chat to plot, or money laundering using online poker games etc.) .

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MozillaFoundation/mpa-cryptomancer-challenge/issues/12#issuecomment-305734718, or mute the thread https://github.com/notifications/unsubscribe-auth/AakbRfb5zPoPC3dvNayL5rns7BWDeQWaks5r_9LWgaJpZM4NYipq .

[chadsansing]

Loving the conversation and participation here!