[Guide] Stealth Attacks

Various ways of using programs during hacks
Post Reply
User avatar
Posts: 221
Joined: Sun Nov 20, 2016 9:03 am

[Guide] Stealth Attacks

Post by Hell_Diguner » Sun Aug 27, 2017 6:38 am


This guide will have a lot of cross-over with Fluffington's Stealth, Scanners and Code Gates Guide that is more geared towards defending against stealth. I will be fairly brief. You can refer to Fluffington's guide for more detailed explanations with lots of pictures.

The Wiki's section on Stealth is a valuable resource to look up the statistics of programs and nodes at different levels.


Every hack has three phases: Preparation, Stealth, and Brute Force. The Stealth Phase begins when an Access program is installed on a netConnection during the preparation phase. The timer at the top of the screen will display -:-- and a "Visibility Bar" will appear above the program list. This bar starts at zero, passively increases by 20 every second, and becomes full at 3600. Once the Visibility Bar is full, the Stealth Phase is forcibly ended and the Brute Force phase begins. Installing any Brute Force program will prematurely end the Stealth phase. Disconnecting from a hack during the Stealth Phase will prevent the defender from being able to retrace the hacker.

Most stealth programs can only be installed during the Stealth Phase, but some of their effects remain active in the Brute Force phase. More on that later. Stealth programs ignore firewalls. Instead, every stealth program has a visibility statistic that indicates how much visibility is generated by the program every second it is present on a node - whether installing or active. Most stealth programs delete themselves when they finish installing (and apply their effects), but the Data Leech is an exception.

Stealth Programs

Installing Access on a node lets a hacker install more stealth programs on neighboring nodes.
1 second install time.

Disables a node, similar to if it was upgrading. This effect remains active when the Brute Force phase starts. Disabled nodes won't attack or spread antivirus. Disabled Scanners stop working, and disabled Code Gates loose their filter. Disabled nodes also have the lowest attack priority.
2 second install time.

Captures a node, letting hackers start their Brute Force attack from the Portaled node(s) rather than from a netConnection. Note that, unlike a netConnection, a node captured with Portal can be recaptured by the network. Portal cannot be installed on a Code Gate with an active filter.
6 second install time

Data Leech
The only stealth program that can also be used in the Brute Force phase of an attack. It operates the same way during Stealth as it does during Brute Force, except it generates visibility every second it remains active. When one does the math, we find Data Leech must be upgraded to level 8 before installing multiple Leeches lets one steal more money than installing just one Leech. This is assuming the Leeched node isn't under the effect of a Scanner, otherwise it has to be upgraded even more. Note any active Leeches will be forcibly uninstalled when the Stealth Phase ends.
1 second install time. Continues to generate visibility as long as it is active

Stealth Defenses

Applies a multiplier known as Sensitivity to any program's baseline visibility up to 3 steps (consecutively connected nodes) away from the Scanner. This is visually represented in your own network with purple connection lines when you select a Scanner. When multiple Scanners can "see" the same node, only the highest level Scanner applies its multiplier.

Code Gate
Portals cannot be installed on Code Gates with an active filter, and the time it takes to install an Access on a Code Gate (with an active filter) is multiplied by the Gate's filter.

new_install_time = 1 / (1 - (filter_% / 100)).

How to Calculate a Stealth Attack

The formula is simple enough: add together the amount of visibility generated by each program you plan use, and give yourself an extra 100 visibility for human error. If the result is larger than 3600, you can't use those programs in that order without being kicked out of the Stealth Phase. If you become good with stealth, you can reduce the error you give yourself.

program_visibility = [(base_visibility * scanner_multiplier) + 20_passive_visibility] * install_time

total_visibility = sum(program_visibility) = program1_vis + program2_vis + program3_vis + ... + program#_vis + 100
  • base_visibility is the visibility statistic listed on the stealth program
  • scanner_multiplier is the Scanner's sensitivity statistic divided by 100. A level 1 Scanner has a Sensitivity of 120%, so it has a multiplier of 1.2
  • 20_passive_visibility is the 20 visibility that is passively generated every second
  • install_time is the time it takes to install the program
A level 1 Portal installed under the effect of a level 4 Scanner would generate (55 * 1.5 + 20) * 6 = 615 Visibility

A level 1 Access not under the effect of any Scanner, but installed on a level 1 Code Gate (that hasn't been Wraithed and isn't upgrading) would take 1 / (1 - 0.75) = 4 seconds to install and thus generate (162 * 1.0 + 20) * 4 = 728 Visibility

Again, you can find the statistics of programs and nodes at different levels on the Wiki.

Tips, Strategies
  • Many people take screenshots of enemy bases during the preparation phase so they can examine the network without worrying about the 30 second timer.
  • High level Sentries, high level Code Gates, and preventing the spread of antivirus through a choke point are good targets for Wraith.
  • Except under very specific and unlikely circumstances (high level Access, low level Wraith and Gate), Code Gates need to be Wraithed before installing an Access on them to minimize the visibility generated. Never install both programs on a Code Gate at the same time.
  • Wraith's install time is unaffected by a Code Gate's filter, so a level 1 Code Gate is just as effective at hindering stealth as a level 21 Code Gate.
  • Sometimes you need to Wraith high level Scanners, and sometimes you don't. Calculate what will happen if you do or don't Wraith them and decide what's best.
  • Multiple Scanner and Code Gate levels have the same visual appearance. When calculating a stealth attack, you should err on the side of caution and assume they are the highest level possible for their appearance.
  • Portals are usually a waste of compile time, b-coins, and library space if you cannot install them somewhere that lets you skip part of a network's defenses. If all you can do is Wraith two Code Gates at the start of a network and install a Portal on the second Gate, you may as well not compile a Portal at all and just use brute force to (rather quickly) get through the Wraithed Gates.
  • Until about level 30, you'll often find targets who you can steal some money or b-coins from by using only Access and Data Leeches. A few coins here and there isn't prestigious, but it's almost pure profit and Access + Leech is very fast to compile. After level 30 these targets are less common, and this strategy isn't nearly as useful if you have to spend the time and b-coins to compile Wraiths.
  • Pure stealth attacks aren't really viable through the mid-game. The winning strategy through mid-game is to steal as much as you can in the 3 hour "online immunity" window and spend it before logging off. Compiling 4 or more Wraiths and a Portal for every hack takes too long, and there aren't enough super-rich targets to make pure stealth viable. It's easy to min-max defenses against stealth, too. All you need to do is put two or three Code Gates at the front of your network and upgrade one Scanner to prevent most people from getting very far with stealth. See Fluffington's guide for more info about this.
  • Using Access to "temporarily capture" every node in a network will count as a "100% control" successful hack condition.
  • Successfully downloading a Core's database in stealth will immediately count towards the "Download 3 Cores in Stealth" challenge. Entering the Brute Force phase after this will not revoke progress towards the challenge.



This network is vulnerable to a hybrid Stealth + Brute Force attack. The Scanner is not within 3 steps of the first Code Gate, and even if it was, it isn't upgraded as much as it should be for level 27 and only two Gates. Furthermore, the Sentries are placed poorly. If I can Wraith the Black Ice, antivirus won't spread to the rest of the network.

At the time I had level 1 Access, level 1 Wraith, level 1 Data Leech, and no Portal.

First, I assume the Scanner and Code Gates are the highest levels for their visual appearance. Looking at the Wiki, we find the Scanner could be level 7 (2.0 sensitivity multiplier) and the Gates could be level 5 (0.79 filter multiplier).

Using these numbers, I calculated how much visibility would be generated if I use Access directly on the Code Gates on the way to Wraithing the Black Ice, and found it was more than 4000. Then I calculated how much visibility would be generated if I Accessed the first Gate and Wraithed the second one, and found it was much less than 3600. Specifically:

Two unscanned Access + one unscanned Access installed on the first gate + two scanned Wraiths + two scanned Access:

(162+20)*2 + (162+20)*(1/(1-0.79)) + (135*2+20)*2*2 + (162*2+20)*2 = 3079 visibility (plus a little more for human error)

So I don't need to Wraith the first Code Gate to Wraith the Black Ice. I compile the programs and successfully hack Alkatraz. Here's a screenshot a split second before the last Wraith finished installing:


The visibility generated is less than what we calculated. This is most likely because the Scanner is level 6, not level 7. Plugging that into the previous calculation, we have:

(162+20)*2 + (162+20)*(1/(1-0.79)) + (135*1.8+20)*2*2 + (162*1.8+20)*2 = 2905 visibility (plus a little more for human error)
Hell_Diguner - C12L39, Had C12L29 (world record), Shuriken main
DiaboliExMachina - C12L38, Worms+Maniac main
CaptainDavyJones - C12L39, Beams main, will eventually be Kraken main

Post Reply