PACKET — Operator's Manual

‹ home · changelog · download (Windows)

You're a netrunner. Dial into the BBS underground, read the boards to pull leads on vulnerable machines, break in, loot the paydata, and reinvest in better gear and 0-days — all while a trace races you and your global heat climbs.

fiction only Every target, BBS, exploit, and 0-day is procedurally generated make-believe. Nothing here touches a real network.

01 — The core loop

dial a BBS → read leads / take jobs → extract → connect → break in → loot → upgrade

Recon. phonebook, then dial 0118-999-881. Browse boards, read swaps, and extract 0 a lead — it becomes a real target in your log.
Breach. hangup, connect <host>, scan the ports, then foothold <port> → privesc → (pivot) → exfil.
Cash out. exfil the payload for credits + reputation.
Level up. Rep unlocks higher BBS tiers and richer targets. Spend credits on a market board.

Type help anywhere — it's context-aware (home shell / BBS / target). Type status to see your operator, rig, and location at a glance.

02 — Your first hack — a walkthrough

New here? Do exactly this. It takes a machine from a rumor on a board all the way to root and a payday. Everything you type is shown in code.

Dial the underground. You boot up knowing one board system. phonebook lists the numbers you have; dial 0118-999-881 connects you to THE BLACK ICE BBS. You're now in BBS mode.
See the boards. boards lists this system's message boards. As a fresh GUEST you can read general, swaps, and jobs — the market and elite boards unlock as your reputation climbs.
Open the leads board. read swaps opens it and lists posts — other runners bragging about soft boxes and leaking partial intel on them.
Read a post. read 0 opens post #0. A lead names a machine and drops a fragment of intel about it (a weak service, a defense, a payday hint).
Extract the lead. extract 0 logs that machine as a real target in your case file. Grab a couple while you're here.
Hang up. hangup drops the BBS and returns you to your home shell.
Check your marks. targets (or log) lists every target you know; log <host> shows one's dossier — tier, collected intel, and payout. Pick a tier 1 mark for your first hit: single host, light defenses.
Jack in. connect <host> tunnels in and drops you onto the gateway with a no-access (guest) shell — now you're in target mode. The clock is running: heat climbs while you sit on a box that isn't yours, and any op you run spins up the per-connection trace. Move with purpose.
Scan it. scan (aka nmap) maps the host: open ports, the software and version on each, and how hard each is to crack.
Get a foothold. Pick a listed port and run foothold <port> — it auto-picks brute or exploit for that service and lands you a user shell. Eyes on the trace bar; if it's racing you can quiet, bounce, or abort to bail clean.
Escalate to root. privesc (aka root) takes you from user to root. The box is yours.
Cash out. exfil (aka loot) steals the payload — credits + reputation.
Keep a key (optional). Before you leave, backdoor plants an implant: walk back in as root anytime, it joins your trace-cutting botnet, and sitting on it is heat-free. If the dossier showed internal hosts, pivot to go deeper first.
Disconnect & lie low. disconnect (aka exit). Trace resets to zero and your heat slowly bleeds off while you're off-target — rest between jobs.

that's the whole game Repeat the loop. More reputation unlocks the market board (buy gear & 0-days) and higher BBS tiers with richer marks. The sections below explain each piece in depth.

03 — The three modes

Every command depends on where you are. The prompt has three modes:

Mode	You are…	Get there by…
shell	at your home terminal. Heat cools here.	start here, or `hangup` / `disconnect`
bbs	dialed into a bulletin board system.	`dial <number>`
target	tunneled into a machine, attacking it.	`connect <host>`

04 — Breaching a target

Once you connect, you land on the gateway host (gw01). The intrusion chain is always the same:

scan → foothold <port> → privesc → (pivot) → exfil

scan (aka nmap / probe) maps the host: its services, port strength (ICE), patch level, and — with a Packet Analyzer — any traps. Costs a little trace. ports re-shows the last scan for free.
foothold <port> gets you a user shell. It auto-picks exploit or brute based on the service; you can also call them directly. Brute power scales with Hydra-X; exploit power with MetaKit (and older software is easier to exploit).
privesc (aka root) escalates user → root. Scales with your privesc kit vs. the host's patch level.
exfil (aka loot) steals the payload — requires root. Pays credits + rep. Loot every host on a network to own the target.
pivot [host] — after root on the gateway, internal hosts are revealed. pivot lists them; pivot <name> moves you there (you often arrive already at user via networked trust).

which service yields to what ssh / ftp / mysql → brute or exploit · http / https / smb → exploit only · rdp → brute only. If you use the wrong verb the game tells you which to try.

05 — Trace vs. heat — the two meters

These are different and easy to confuse. Learn the distinction; it's the whole game.

⏺ TRACE

Per-connection. Resets to 0 every time you connect / disconnect.
Climbs while ops run (and on scan/pivot).
At 100% the trace completes: the connection is killed and you take a heat hit.
Beat it by finishing fast, going quiet, bounce-ing, or abort-ing.

⚠ HEAT

Global & persistent. Carries across the whole game.
Climbs while you're jacked into a host you don't own (~0.5%/sec) — idle at the shell or mid-op alike, it's the cost of time spent on foreign systems. backdoor a host and it becomes safe turf (no climb).
Bleeds off slowly (~0.4%/sec) whenever you're not on a target — lay low to cool down.
At 100% it's game over — agents kick your door in.
Cut it instantly with a Log Scrubber (scrub, −25%).

the escape valve Mid-job and trace is spiking? backdoor a rooted host, disconnect (heat cools, trace resets to 0), then connect again — you walk back in as root right where you left off.

06 — Pace & live trace control

Every attack (not scan) runs at a pace. Trade speed against trace:

Pace	Speed	Trace	Spike risk
push	much faster	much hotter	high
steady	normal (default)	normal	normal
quiet	slower	~half	low

Set it two ways:

Up front: add the word to the command — foothold 22 push, exfil quiet.
Mid-op: just type push / steady / quiet while it runs to change gears on the fly. abort bails out (you keep your access; trace just holds).

Random trace spikes ("sysadmin just logged in", "IDS pattern matched") add nerve — they're more likely under push and on IDS hosts, less likely in stealth.

07 — Defenses: ICE, honeypots, tarpits, IDS

Hazard	What it does	Counter
ICE	A port's strength bar (█ blocks). Higher = slower to crack and more trace.	More brute/exploit power; a matching 0-day skips it entirely.
Honeypot	Bait port. Touch it and trace jumps +45, heat +15, alarms blaring.	A Packet Analyzer flags it on `scan` so you never touch it.
Tarpit	Crawls your attack to a fraction of normal speed — burns time and trace.	Analyzer flags it; avoid or push through with a 0-day.
IDS	The host runs traces ~60% hotter and spikes more often.	Go `quiet`/`stealth`, `bounce`, proxy up, or move fast.
Firewall	Target-wide; adds to every port's effective strength.	Stronger gear; higher-tier rigs.

see the traps first Without a Packet Analyzer, honeypots and tarpits are invisible on scan — a port "looking too easy" is the only tell. Buy the Analyzer early; it pays for itself the first honeypot it saves you from.

08 — Backdoors & the relay botnet

Once you have root on a host, backdoor (aka implant / persist) installs a rootkit. This does two things:

Persistent access. The host stays rooted & revealed. Reconnect anytime and walk straight back in — even after a trace-bust, your implants survive.
A proxy relay. Every backdoored host joins your botnet and routes future attacks on other targets, cutting trace. Each implant starts with 10 charges and wears out with use — at 0 charges the backdoor burns out and is lost.

Use bounce (aka reroute) during a connection to knock the trace down on demand (20+ base, more with proxy/botnet). It has a ~5s cooldown, costs a little heat, and spends a relay charge if you have a botnet. Planting an implant is noisy (heat +4), so backdoor strategically.

Your botnet isn't only for stealth — you can weaponize it. From the home shell, ddos <host> (aka flood) floods a known mark and knocks it offline for ~45s. While it's down its defenses are soft: breaches against it run at roughly half trace with IDS spikes suppressed — the way to crack an otherwise-brutal high-tier target. It's expensive and loud: needs a botnet of 3+ relays, burns 5 + 2×tier charges, and dumps a big slug of heat. Soften, then strike before it recovers — targets shows a downed mark as [down Ns].

09 — BBS, reputation & access tiers

There are three BBS systems. You start knowing one; find the others with wardial (noisy — raises heat). Each has boards gated behind your access tier, which is set by your reputation:

Tier	Rep needed	Unlocks
GUEST	0	chatter, starter leads & jobs
USER	4	market boards, verified marks
ELITE	10	prime / high-value targets
LEGEND	25	whales & ministries (tier-5 marks)

Earn rep by looting hosts (more for internal hosts and higher-tier targets) and completing contracts. Tiering up unlocks new boards on every BBS at once.

The known systems

THE BLACK ICE BBS — 0118-999-881 · your starter board (tier 1).
DEADLINE // night city — 0900-070-0900 · tier 2, found by wardialing.
THE SWITCHBOARD — 0451-555-0199 · tier 3, premium gear & legend marks.

On a board, read <board> lists posts; read <n> opens one; extract <n> turns a lead into a logged target (and banks any intel attached). search <word> greps every board you can reach. Pulling jobs and breaches makes the boards buzz — fresh chatter, new contracts, and new marks keep appearing, so the underground never runs dry.

10 — Contracts (fixer jobs)

"Jobs" / "work" boards carry fixer contracts: targeted objectives that pay a fixed bounty plus rep on completion. read <n> to see the objective, accept <n> to take it — the mark is handed straight to your log. Types:

Type	Objective
exfil	steal a specific named file from the target host
backdoor	plant a backdoor on the target host
own	fully own & loot the target (every host stripped)

Check active jobs anytime with contracts. They complete automatically the moment you hit the objective — cash and rep land instantly.

11 — Gear & the black market

Find a market board (needs USER access), then buy <id>. Some items require a prerequisite tier first.

Category	What it buys you
CPU	Overclock / Quantum CPU — ops tick faster (less time = less trace).
Hydra-X	+brute power for `brute` footholds.
MetaKit	+exploit power so generic exploits beat newer software.
Privesc kits	Local-root / kernel packs — +privilege-escalation power.
Packet Analyzer	Reveals IDS, honeypots & tarpits on `scan`.
Stealth module	Enables `stealth` mode: ~half trace, slower ops.
Proxy / Onion relay	Permanently cuts trace speed (~45% / ~65%).
Log Scrubber	Consumable: instantly wipe 25% heat (`scrub`).
0-days	Instant access on any matching service (OpenSSH, Samba, nginx, MySQL) — skips ICE, near-zero trace.

12 — Full command reference

Home shell

`phonebook` / pb	list known BBS dial-in numbers
`dial <number>`	connect to a BBS
`wardial`	scan phone ranges for new BBS systems (raises heat)
`targets` / log	your case file of marks & intel
`log <host>`	full dossier on one mark
`connect <host>`	tunnel into a target to attack it
`ddos <host>`	flood a mark from your botnet: knocks it offline & softens defenses (aka `flood`; needs 3+ relays, big heat)
`contracts`	your accepted fixer jobs
`scrub`	burn a Log Scrubber to cut heat
`status`	operator + rig stats
`clear` / `reset`	clear screen / wipe save & regenerate the net
`mute`	toggle sound

BBS (dialed in)

`boards`	list this system's message boards
`read <board>`	open a board & list its posts
`read <n>`	read post #n in the open board
`extract <n>`	turn a lead post into a logged target
`accept <n>`	take a fixer contract (on a jobs board)
`search <word>`	grep all boards you can access
`buy <id>`	purchase gear (on a market board)
`back`	leave the current board
`hangup`	disconnect from the BBS

Target (intrusion)

`scan`	map this host: services, ICE, defenses (aka `nmap`/`probe`)
`ports`	re-show last scan, free (no trace)
`info`	map the whole target & your access
`foothold <port>`	get a user shell via a service
`brute` / `exploit <port>`	force a specific method
`privesc` / root	escalate user → root
`pivot [host]`	list / move to internal hosts (after root)
`exfil` / loot	steal the payload (needs root)
`backdoor`	implant for re-entry + a relay (aka `implant`/`persist`)
`bounce`	cut trace on demand (cooldown + heat)
`stealth`	toggle quiet mode (needs module)
`push`/`steady`/`quiet`	change an op's pace mid-run
`abort`	stop a running op (keep your access)
`disconnect`	drop the connection (also `exit`/`quit`)

log, status, clear, and contracts work in any mode. The line editor supports history (↑/↓) and Ctrl+R reverse-search.

13 — Operator tips

Scan before you strike. ports re-shows it for free — plan the cheapest route in.
Buy the Analyzer early. One avoided honeypot (+45 trace, +15 heat) is worth the price.
A CPU upgrade is a trace upgrade. Faster ticks mean less total time exposed.
0-days trivialize their service — instant access, ~no trace, no ICE. Match them to what you hit most.
Lay low to cool. Heat only decays off-target. Don't chain jobs with a full bar.
Bail clean. abort before trace hits 100% keeps your access and skips the heat hit.
Backdoor your best boxes. A standing botnet quietly cuts trace on every future job.
Can't crack a high-tier mark? ddos it first. Half-trace and no IDS spikes for ~45s turns a brutal target into a doable one — if your botnet can afford the charges and heat.
Take contracts you were going to do anyway — free bonus cash + rep on marks you'd hit regardless.

PACKET · netrunner terminal · v0.11.0 (godot)
fictional game — nothing here touches a real network · type help in-game anytime