Diablo II Menu
 Diablo 2 News
 Premium Diablo 2
 Scamming sites
 Link to Us
 Advertise on NewD2Event
 Firefox Browser

  Diablo 2 Topsites


Diablo 2 Download
 1.12a Hacks/Cheats/Bots
 Diablo II Demo
 Diablo I Demo

Single Player
 Saved Games

 Diablo II Methods
 Diablo 2 Auradin Glitch
 Forgotten Sands Exploit
 Act5 In classic
 How To Level Up
 Glitch Rush Guide
 God Mode Method
 Level 1-80 in 2 hours
 Teh Dupe 1.11b
 Dupe method 1.11b
 Merc Aura Stack Glitch
 Eth Armor Upgrade Bug
 PK in Town

 About MMBot
 Download MMBot
 MMBot History

 D2HackIt Modules
 D2HackIt Bots

RedVex and Plugins
 RedVex FAQ
 Adblock Plugin
 Flash Plugin
 Leader Plugin
 Macro Plugin
 MephStone Plugin
 NetStuff Plugin
 Tppk Plugin
 Magnet Plugin
 Chicken Plugin
 Keychain Plugin
 ZCommand Plugin
 TownTele Plugin
 HotPlug Plugin
 FastMod Plugin
 GameName Plugin
 Hide offline friends Plugin
 Forgotten Sands Exploit
 PreCast Plugin
 Crapstuff Plugin
 RedEye Plugin
 ChickY Plugin
 Mindigo Plugin
 FastTp Plugin
 EZBaal Plugin
 Origami Plugin
 autoHPK Plugin
 FollowBot Plugin
 OSTPPK Plugin

BlueVex and Plugins
The .NET Version of RedVex

 beta v0.5.0.x
 botNET Bots
 botNET MultiKilla
 botNET Utilities
 botNET Libraries
 botNET Applications

 1.08 Items
 Duped Items
 Hacked-Bugged Items
 Perfect Items
 Crafted Items

 v1.09D PC

Diablo 2 Info

 Cube buffer dupe
 Diablo2 RIP

Diablo 2 Items
 The Basics
 Basic Item Info
 Rings & Amulets
 Weapons & Armors
 Socketed Items
 Rune Words
 Magic Items
 Prefixes & Suffixes
 Rare Items
 Crafted Items
 Set Items
 Unique Items
 The Horadric Cube

Diablo 2 Quests
 Quest Index
 Quest Basic
 Quest Rewards
 Act I Quests
 Act II Quests
 Act III Quests
 Act IV Quests
 Act V Quests
 The Secret Cow Level

Diablo 2 Maps
 Act 1
 Act 2
 Act 3
 Act 4
 Act 5

Diablo 2 NPCS
 NPCs Index
 Act 1
 Act 2
 Act 3
 Act 4
 Act 5

Shrines and Wells
 Shrines and Wells

Diablo 2 Calculators
 More calculators

Diablo 2 Character Guides
 Faster Block Rate
 Faster Cast Rate
 Faster Hit Recovery
 Diablo 2 Hunters
 Amazon [7]
 Assassin [10]
 Barbarian [10]
 Druid [6]
 Necromancer [9]
 Paladin [20]
 Sorceress [13]

 D2event Network
 Diablo and Hellfire


Diablo 2 hacking (packets, d2hackit etc.) guides
Packets Guide by EvilCheese
Packets Guide by After-Death
Diablo II Packet Lists & Info
Diablo II 1.10 Skills List
D2Hackitv2 Tutorial
Battlenet Packetlist v1.11 Compilant
D2Hackit v2.00 API Reference

D2HackIt | D2HackIt Modules | D2HackIt Bots

Packet Guide by After-Death

Intro: What is a packet?

A packet is a 'piece' of data sent from your client (your instance of diablo2) to the battle.net server. The server then takes this packet, processes whatever actions are sent in the packet of data and often sends some packets back to you. The packets which come back to you are RECEIVED packets.

The key thing to understand here is that sent packets can cause things you may wish to exploit. Receiving packets yourself manually, using D2hackit like this for example..

.receive 9c 12 0a 56 98 .. .. ..

Does not represent anything happening at the server, and is known as a clientside effect. For example. If you sniff the received packet next time an item drops to the floor, and receive it again, you'll see an item drop to the floor. But it will not really be there.

How is a Packet Made Up?

All packets have an identifying first byte. Here are some examples:

17 0a 0f e5 48 - Drop item to ground
19 0a 0f e5 48 - Pick item up from inventory to cursor
60 - Switch Weapons

This first byte identifies the packet. A 17 packet will always try to drop an item to the ground. A packet with the first byte 19 will always try to pick the item up from your inventory to your cursor. Of course, this only works if the item is in your inventory, and if there is nothing on your cursor.

Packets are then made up of bytes, words, and doublewords (dwords for short.) Here is what they look like:

00 = one byte
00 00 = a word
00 00 00 00 = a dword (or 4 bytes!)

Lets look at the 33 packet as it is often seen to be the most confusing to an unskilled packeteer. This packet sells an item to an NPC.

Here is the format of the packet.

33[XX XX XX XX][YY YY YY YY][ZZ ZZ ZZ ZZ][aa aa aa aa]

The 33 packet contains the first byte 33, then 4 dwords as shown above.
The first dword, [XX XX XX XX] is the ID of the NPC we want to sell the item to. Next we have the item ID, [YY YY YY YY], the second dword. The third dword represents where we are selling an item from. ([ZZ ZZ ZZ ZZ]) The final dword is the value in gold that the item will sell for. In reality we dont need to calculate it as the server does it anyway. So enter any number, 01 01 01 01 is easy to type.

Now you have seen the structure of a packet, with its parts identified. All these packet structures can be seen in the d2hackers packet list:
url to be appeneded

That's great, but how do I find the values for these 'ID's ?!?!

The next section covers common packet questions, and common sniffing tasks.

The simplest way to find an item is using the 19 packet. Place an item in your inventory. Set your sniffer to display 19 packets.
If you are using snifferxp or snuff with d2hackit, type the following:

.snifferxp show s 19
.snuff show s 19

Now click on the item. Your sniffer will display a line like this:

XX XX XX XX is the ID of the item!

Say your sniffer showed this: 190abd2f7e - the item ID is 0abd2f7e We can test this in some other packets now. According to the packet list, the 17 packet to drop an item from cursor to the ground is like this: 17[DWORD Item ID]

So if we type the following, with the aforementioned item on our cursor, it should fall to the ground:

.send 170abd2f7e

Try it !

Key Packets

There are a couple of important received packets. Not because they affect the server in any way, but they allow you to beat some GUI restrictions.

The most important one (before people truly understood all of the packets, and for convenience) is the oneside packet.

.receive 770c

Receive this packet in trade and it will seem like you are not in the trade. You are, but the graphic for the trade window has gone! You can run around. But you wont be able to send certain packets, such as 13 and many packets will cause battle.net to drop you from the game. For example if you send the 17 packet to drop an item to the ground in trade, or go onesided and drop it manually by clicking, you will still be disconnected from the game for trying to dupe.

OK, now you know something. Lets try some old patched methods. You need d2hackit and snifferxp or snuff. Snuff is better and easier to use, so try with it.

This method is the old potmatrix dupe, try it in single player since it's patched in realms. Originally posted @ BH by Comi.

PotMatrix Dupe Example

Sells a belt item repeatedly without losing the item. Only worked for belt items, it was never possible to equip an item such as a ring to your belt and dupe it. Used to get lots of full rejuve potions, and to spawn gold for gambling.

Requires: 1 Person, D2Hackit + Modules(Snuff/Sniffer)
Can Dupe: Any belt item (scroll, potion)
Packets To Sniff: 13,19/24

1. Sniff the id (19 ZZ ZZ ZZ ZZ) of the item you want to dupe by lifting to cursor from inventory, or sniff the 24 ZZ ZZ ZZ ZZ packet by lifting item directly from belt.
2. Place the item in any belt slot.
3. Go into trade with an NPC, find the NPC's ID: (13 01 00 00 00 XX XX XX XX),
4. Send this packet:
33[XX XX XX XX][ZZ ZZ ZZ ZZ][02 00 00 00][01 00 00 00]

XX = Gheed ID
ZZ = Worn Item ID

5. The item will sell to the npc and will not leave your body.
6. Buy the item back(if you have enough money).
7. Repeat as many times as you want.

I'll make it a little clearer.
- use d2 in windowed mode
- first load snuff with ".load snuff"
- since you need to see packets 13 and 19/24 type ".snuff show s 13 19 24"

The rest you should figure out by yourself. If everything goes fine, the potion should be sold at npc and you should still have it in your belt buffer.

Diablo 2 Newsletter
Questions, ideas, problems, wishes?
Be informed whenever something new comes up
(or any important problems are fixed.).
You can unsubscribe from this newsletter at any time.
09 Mar 2009, 11:26
05 Aug 2007, 00:48
05 Aug 2007, 00:46
Notify me about new comments on this page
Hide my email

If you can't read the word, click here

Verification code:
Powered by Scriptsmill Comments Script