Posted June 22, 2016
high rated
Due to multitude of contradicting and incorrect information on the webs, I decided to make this guide to however wants to understand the core mechanics correctly.
I have extensively tested the passive and active log by hacking and waiting almost a year without being busted. See attachment.
1. BEING SCREWED
2. TRACES
3. LOGS
4. SERVERS
# BEING SCREWED
You are screwed if:
- you were connected to your target AND the ACTIVE trace was in progress AND you allowed it to finish
- your bounce path was so short, that the ACTIVE trace ended almost immediately
- you cleaned the LOGS improper
- you cleaned the LOGS ONLY on TARGET, AND using Log Cleaner VERSION ONLY 1-3.
- you misunderstood how PASSIVE trace works and let it crawl to you
- you forgot that you were on PASSIVE trace AND there are ALREADY AGENTS near your gateway AND you have no nuke device
- your first bounce point was a regular server which you have NO ADMIN access to AND the time for PASSIVE TRACE to finish is almost over
You are almost guaranteed to survive if:
- you gained ADMIN access to and use Internic as your first bounce point. This for only single reason - Internic never changes ADMIN password. Yet you DON'T have to rely on it, if you understand how stuff works - but its nevertheless most in-secure as starting bounce point (for your benefit)
- you clean logs PROPER using V4 DELETER on your TARGET before ACTIVE trace is finished
- you clean logs PROPER using V 1-3 DELETER on your TARGET before ACTIVE trace is finished, AND then connected via LONG bounce to CLOSER machines to you and cleaned their logs PROPERLY. During WHOLE procedure, you had ADMIN LOGIN to the ENTRY bounce machine: you used Montor BYPASS on LOGIN or you used Internic.
# TRACES
There are two types of tracing: ACTIVE and PASSIVE.
## ACTIVE TRACE
ACTIVE starts when you do something suspicious, like cracking password or accessing admin section.
ACTIVE trace is tracked by "beeps" or remaining time of Tracer.
ACTIVE trace is started by MONITOR software and runs from critical point until you DISCONNECT.
If you manage to BYPASS the monitor, it does NOT start.
- If you just connect WITHOUT LOGIN INTO ADMIN accounts, ACTIVE TRACE will not start.
- if you connect AND LOGIN AS ADMIN on a server WITHOUT MONITOR, then ACTIVE TRACE will not start.
- if you connect AND LOGIN AS ADMIN on a server WITH MONITOR BUT USING MONITOR BYPASS, then ACTIVE TRACE will not start.
There is NO MONITOR DISABLE software, only MONITOR BYPASS.
- if you connect AND LOGIN AS ADMIN on a server WITH MONITOR, then ACTIVE trace STARTS.
- if you connect AND START CRACKING ADMIN account, on a server WITH MONITOR, then ACTIVE trace STARTS REGARDLESS if you bypassed monitor or not.
- ACTIVE trace has NOTHING to do with LOGS. Its a direct live TRACEROUTE/TRACERT to your machine.
- ACTIVE trace stops when you DISCONNECT and in exactly this moment PASSIVE trace starts - and LOGS are analyzed. In PASSIVE trace - LOGS are processed slowly from TARGET to you in a reverse chain. No logs on TARGET - no trace (read more below).
- IF you managed to CLEAN the logs PROPERLY on the TARGET machine when ACTIVE trace was not yet finished - clean BEFORE disconnecting, PASSIVE trace WILL NOT START.
- If you are BUSTED being traced ACTIVELY - you will be de-anomysed by Uplink itself and its either gameover,
criminal record or bribe.
## PASSIVE TRACE
- PASSIVE trace starts in the moment you disconnect, BUT:
- PASSIVE trace starts and continues ONLY IF YOU LEFT suspicious logs on TARGET machine WHEN you disconnected.
- PASSIVE trace is walked reverse of your bounce route. First target is your target.
- PASSIVE trace is done by HACKER NPC. If there are no Hacker NPCs left in game (see Uplink Internal Machine Roster) - then nobody can passively trace you. :)
- ADMIN/HACKER NPC will attempt to UNDELETE the logs - IF your log deleter is LESS than VERSION 4. So get VERSION 4, or delete BOTH TARGET and entry bounce server (Internic during the start phase) logs!
- If you are busted by PASSIVE trace, its usually game over. To prevent this, you can install NUKE and blow the gateway in exact moment. Instead of NUKE, you can use "some" SOFTWARE. But moment has to be exact - and thus you always need a motion sensor.
- If you read this guide, you will understand EXACTLY and predict PRECISELY when you have to fear the PASSIVE trace.
When you get UI Connection Upgrade and Bypass software, you can Bypass Monitor - and thus ACTIVE trace will not be started WHEN YOU LOGIN (not crack) AS ADMIN - for cleaning the logs.
This tremendously reduces time for cleaning logs, because you can connect directly just like to Internic.
But if the password is not accepted, that means admin reseted it and it needs to be cracked regularly again.
Thus you DONT have to use Internic as your STARTING point if you already have properly cracked servers with ADMIN access (those have a white box around icon on the world view).
But its a good idea to use internic in the start and overall its the weakest machine, once you get its admin login - because it will NEVER reset its LOGIN.
# LOGS
There are four types of logs:
1) connection and DISconnection / established logs
2) connection reroute/bounce logs
3) admin or account access logs
4) file or database entry access logs
Your IP is LOGGED when you connect OR DISCONNECT to server by any means: directly or as bounce.
Clean the logs PROPERLY on TARGET machine first - BEFORE disconnecting - DURING ACTIVE TRACE.
Logs are checked ONLY in PASSIVE trace phase, which starts after you DISCONNECT.
If you did not disconnect (and active trace is in progress), logs are still not yet accessed!
Log type 1 is perfectly safe, 2-4 are NOT.
If you leave 3 or 4 when disconnected, you will loose admin access AND will be PASSIVE traced.
If you leave 2, then you will be PASSIVE traced.
If you DELETE 1, then you will be PASSIVE traced. And here is why:
Never clean log type PAIR of (1), UNLESS you destroy TARGET server BEFORE DISCONNECT via console or virus.
On disconnect, the "disconnected IP" entry is created, which forms a log pair (connected/disconnected).
Thus if you clean the connect entry (1), your IP immediately becomes suspicious because the DISCONNECT ENTRY will be generated and WILL NOT HAVE PAIR.
Example bad log:
5 random connection
4 random connection
3 removed data (previously - your IP connect log)
2 removed data (previously - your access to login)
1 your IP disconnected
Example good log:
5 random connection
4 random connection
3 your IP connect log
2 removed data (previously - your access to login)
1 your IP disconnected
The most reliable log deleter is V4, because that hole in the middle can still be undeleted. But at least its not as straight suspicious as Bad log. Bad log will get you busted even with V4 deleter, because "Disconnect IP" exposes your IP chain.
ALL LOG DELETERS VERSION 1 - 3 CAN BE UNDELETED, thus its smart to purchase log deleter v4 upfront. Otherwise, you have a RISK that PASSIVE trace continues and thus will have to clean SEVERAL machines BEHIND. And can still FAIL it.
When you clean the logs, its vital to clean type (2) to prevent PASSIVE trace.
If you want to be unnoticed, also remove (3) and (4).
Removing them will keep your admin clueless and he will NOT reset the LOGIN password.
Such servers are much harder ressolve through on PASSIVE and ACTIVE trace.
Ignore LOG MODIFIER, it is NOT affiliated with Log deleter and will NOT stop/help against the PASSIVE trace.
If you failed to have time and DISCONNECTED BEFORE cleaning logs on TARGET to prevent ACTIVE trace lock on you - then you WILL BE PASSIVELY traced. How to react on this - see above "PASSIVE TRACE".
The speed depends on company type, BANKS being the MOST aggressive. If your bounce path is LONG then you can have LITERALLY DAYS before PASSIVE trace finishes! If you know exactly what you are doing, you can use this to your advantage to haul a lot of similar missions and clean all logs in ONE act.
# SERVERS
To increase ACTIVE AND PASSIVE trace time (A times B):
- connect via a lot of servers (A)
- connect via strong servers (B)
Strong servers by delay:
weakest - basic servers without security
weaker - basic servers with security
normal - banks and governments
strong - basic servers that you have gained admin access to and that was not exposed
Unique servers:
- Internic:
WILL start an ACTIVE tracing if you attempt to crack its admin account.
WILL NOT start ACTIVE tracing if you login as admin
WILL NOT start ACTIVE tracing if you access its logs
WILL NOT change its password even if busted
This is ideal server for START of connection early in game and to the end.
- Uplink Test Server
WILL start ACTIVE tracing if you attempt to crack its admin account
WILL start ACTIVE tracing if you login as admin
WILL start ACTIVE tracing if you access its logs
WILL NOT change its password even if busted
WILL NOT prosecute you if you are caught
Because it does not prosecute, this is ideal server in connect chain just after Internic. Be sure to have it included in the chain. But remember, that to clean its logs, you need to connect to it via a long route as target. Its advantage against regular servers lies within it taking NO steps against you if you fail it, thus its a quick boost to PASSIVE trace time.
If you connect to any server, crack it and then properly clean its logs - your hack attempt will not be busted and you will retain ADMIN access to it. Thus it will be HIGHEST security bounce point.
Add these servers to your route, but remember that they will be reseted after admin detects constant periodic flow of traffic and will be need to be cracked again.
You can use such servers as your initial STARTING bounce point instead of Internic.
I have extensively tested the passive and active log by hacking and waiting almost a year without being busted. See attachment.
1. BEING SCREWED
2. TRACES
3. LOGS
4. SERVERS
# BEING SCREWED
You are screwed if:
- you were connected to your target AND the ACTIVE trace was in progress AND you allowed it to finish
- your bounce path was so short, that the ACTIVE trace ended almost immediately
- you cleaned the LOGS improper
- you cleaned the LOGS ONLY on TARGET, AND using Log Cleaner VERSION ONLY 1-3.
- you misunderstood how PASSIVE trace works and let it crawl to you
- you forgot that you were on PASSIVE trace AND there are ALREADY AGENTS near your gateway AND you have no nuke device
- your first bounce point was a regular server which you have NO ADMIN access to AND the time for PASSIVE TRACE to finish is almost over
You are almost guaranteed to survive if:
- you gained ADMIN access to and use Internic as your first bounce point. This for only single reason - Internic never changes ADMIN password. Yet you DON'T have to rely on it, if you understand how stuff works - but its nevertheless most in-secure as starting bounce point (for your benefit)
- you clean logs PROPER using V4 DELETER on your TARGET before ACTIVE trace is finished
- you clean logs PROPER using V 1-3 DELETER on your TARGET before ACTIVE trace is finished, AND then connected via LONG bounce to CLOSER machines to you and cleaned their logs PROPERLY. During WHOLE procedure, you had ADMIN LOGIN to the ENTRY bounce machine: you used Montor BYPASS on LOGIN or you used Internic.
# TRACES
There are two types of tracing: ACTIVE and PASSIVE.
## ACTIVE TRACE
ACTIVE starts when you do something suspicious, like cracking password or accessing admin section.
ACTIVE trace is tracked by "beeps" or remaining time of Tracer.
ACTIVE trace is started by MONITOR software and runs from critical point until you DISCONNECT.
If you manage to BYPASS the monitor, it does NOT start.
- If you just connect WITHOUT LOGIN INTO ADMIN accounts, ACTIVE TRACE will not start.
- if you connect AND LOGIN AS ADMIN on a server WITHOUT MONITOR, then ACTIVE TRACE will not start.
- if you connect AND LOGIN AS ADMIN on a server WITH MONITOR BUT USING MONITOR BYPASS, then ACTIVE TRACE will not start.
There is NO MONITOR DISABLE software, only MONITOR BYPASS.
- if you connect AND LOGIN AS ADMIN on a server WITH MONITOR, then ACTIVE trace STARTS.
- if you connect AND START CRACKING ADMIN account, on a server WITH MONITOR, then ACTIVE trace STARTS REGARDLESS if you bypassed monitor or not.
- ACTIVE trace has NOTHING to do with LOGS. Its a direct live TRACEROUTE/TRACERT to your machine.
- ACTIVE trace stops when you DISCONNECT and in exactly this moment PASSIVE trace starts - and LOGS are analyzed. In PASSIVE trace - LOGS are processed slowly from TARGET to you in a reverse chain. No logs on TARGET - no trace (read more below).
- IF you managed to CLEAN the logs PROPERLY on the TARGET machine when ACTIVE trace was not yet finished - clean BEFORE disconnecting, PASSIVE trace WILL NOT START.
- If you are BUSTED being traced ACTIVELY - you will be de-anomysed by Uplink itself and its either gameover,
criminal record or bribe.
## PASSIVE TRACE
- PASSIVE trace starts in the moment you disconnect, BUT:
- PASSIVE trace starts and continues ONLY IF YOU LEFT suspicious logs on TARGET machine WHEN you disconnected.
- PASSIVE trace is walked reverse of your bounce route. First target is your target.
- PASSIVE trace is done by HACKER NPC. If there are no Hacker NPCs left in game (see Uplink Internal Machine Roster) - then nobody can passively trace you. :)
- ADMIN/HACKER NPC will attempt to UNDELETE the logs - IF your log deleter is LESS than VERSION 4. So get VERSION 4, or delete BOTH TARGET and entry bounce server (Internic during the start phase) logs!
- If you are busted by PASSIVE trace, its usually game over. To prevent this, you can install NUKE and blow the gateway in exact moment. Instead of NUKE, you can use "some" SOFTWARE. But moment has to be exact - and thus you always need a motion sensor.
- If you read this guide, you will understand EXACTLY and predict PRECISELY when you have to fear the PASSIVE trace.
When you get UI Connection Upgrade and Bypass software, you can Bypass Monitor - and thus ACTIVE trace will not be started WHEN YOU LOGIN (not crack) AS ADMIN - for cleaning the logs.
This tremendously reduces time for cleaning logs, because you can connect directly just like to Internic.
But if the password is not accepted, that means admin reseted it and it needs to be cracked regularly again.
Thus you DONT have to use Internic as your STARTING point if you already have properly cracked servers with ADMIN access (those have a white box around icon on the world view).
But its a good idea to use internic in the start and overall its the weakest machine, once you get its admin login - because it will NEVER reset its LOGIN.
# LOGS
There are four types of logs:
1) connection and DISconnection / established logs
2) connection reroute/bounce logs
3) admin or account access logs
4) file or database entry access logs
Your IP is LOGGED when you connect OR DISCONNECT to server by any means: directly or as bounce.
Clean the logs PROPERLY on TARGET machine first - BEFORE disconnecting - DURING ACTIVE TRACE.
Logs are checked ONLY in PASSIVE trace phase, which starts after you DISCONNECT.
If you did not disconnect (and active trace is in progress), logs are still not yet accessed!
Log type 1 is perfectly safe, 2-4 are NOT.
If you leave 3 or 4 when disconnected, you will loose admin access AND will be PASSIVE traced.
If you leave 2, then you will be PASSIVE traced.
If you DELETE 1, then you will be PASSIVE traced. And here is why:
Never clean log type PAIR of (1), UNLESS you destroy TARGET server BEFORE DISCONNECT via console or virus.
On disconnect, the "disconnected IP" entry is created, which forms a log pair (connected/disconnected).
Thus if you clean the connect entry (1), your IP immediately becomes suspicious because the DISCONNECT ENTRY will be generated and WILL NOT HAVE PAIR.
Example bad log:
5 random connection
4 random connection
3 removed data (previously - your IP connect log)
2 removed data (previously - your access to login)
1 your IP disconnected
Example good log:
5 random connection
4 random connection
3 your IP connect log
2 removed data (previously - your access to login)
1 your IP disconnected
The most reliable log deleter is V4, because that hole in the middle can still be undeleted. But at least its not as straight suspicious as Bad log. Bad log will get you busted even with V4 deleter, because "Disconnect IP" exposes your IP chain.
ALL LOG DELETERS VERSION 1 - 3 CAN BE UNDELETED, thus its smart to purchase log deleter v4 upfront. Otherwise, you have a RISK that PASSIVE trace continues and thus will have to clean SEVERAL machines BEHIND. And can still FAIL it.
When you clean the logs, its vital to clean type (2) to prevent PASSIVE trace.
If you want to be unnoticed, also remove (3) and (4).
Removing them will keep your admin clueless and he will NOT reset the LOGIN password.
Such servers are much harder ressolve through on PASSIVE and ACTIVE trace.
Ignore LOG MODIFIER, it is NOT affiliated with Log deleter and will NOT stop/help against the PASSIVE trace.
If you failed to have time and DISCONNECTED BEFORE cleaning logs on TARGET to prevent ACTIVE trace lock on you - then you WILL BE PASSIVELY traced. How to react on this - see above "PASSIVE TRACE".
The speed depends on company type, BANKS being the MOST aggressive. If your bounce path is LONG then you can have LITERALLY DAYS before PASSIVE trace finishes! If you know exactly what you are doing, you can use this to your advantage to haul a lot of similar missions and clean all logs in ONE act.
# SERVERS
To increase ACTIVE AND PASSIVE trace time (A times B):
- connect via a lot of servers (A)
- connect via strong servers (B)
Strong servers by delay:
weakest - basic servers without security
weaker - basic servers with security
normal - banks and governments
strong - basic servers that you have gained admin access to and that was not exposed
Unique servers:
- Internic:
WILL start an ACTIVE tracing if you attempt to crack its admin account.
WILL NOT start ACTIVE tracing if you login as admin
WILL NOT start ACTIVE tracing if you access its logs
WILL NOT change its password even if busted
This is ideal server for START of connection early in game and to the end.
- Uplink Test Server
WILL start ACTIVE tracing if you attempt to crack its admin account
WILL start ACTIVE tracing if you login as admin
WILL start ACTIVE tracing if you access its logs
WILL NOT change its password even if busted
WILL NOT prosecute you if you are caught
Because it does not prosecute, this is ideal server in connect chain just after Internic. Be sure to have it included in the chain. But remember, that to clean its logs, you need to connect to it via a long route as target. Its advantage against regular servers lies within it taking NO steps against you if you fail it, thus its a quick boost to PASSIVE trace time.
If you connect to any server, crack it and then properly clean its logs - your hack attempt will not be busted and you will retain ADMIN access to it. Thus it will be HIGHEST security bounce point.
Add these servers to your route, but remember that they will be reseted after admin detects constant periodic flow of traffic and will be need to be cracked again.
You can use such servers as your initial STARTING bounce point instead of Internic.
Post edited June 23, 2016 by Lin545
