Note that this page contains two guides. The more in-depth one is towards the bottom; the first one gives a good overview, however. Since the release of 1.11, a lot of these methods will not work on realms, or they are detectable and will get your account banned. We can't stress enough that if you try this, you should do it while you're not logged on to Battle.net. We are not responsible for how you use this guide or any damages it may incur. It is here for learning purposes only.
Intro: What is a packet?
A packet is a 'piece' of data sent from your client (your instance of Diablo 2) to the Battle.net server. The server then takes this packet, processes whatever actions are sent in the packet of data and often sends some packets back to you. The packets which come back to you are RECEIVED packets.
The key thing to understand here is that it is sent packets that can cause things you may wish to exploit. Receiving packets yourself manually, for example using D2Hackit like this:
.receive 9c 12 0a 56 98 .. .. ..
does not represent anything happening at the server, and is known as a clientside effect. For example, if you sniff the received packet the next time an item drops to the floor, and receive it again, you'll see an item drop to the floor. But it will not really be there.
How is a Packet Made Up?
All packets have an identifying first byte. Here are some examples:
17 0a 0f e5 48 - Drop item to ground
19 0a 0f e5 48 - Pick item up from inventory to cursor
60 - Switch Weapons
This first byte identifies the packet. A 17 packet will always try to drop an item to the ground. A packet with the first byte 19 will always try to pick the item up from your inventory to your cursor. Of course, this only works if the item is in your inventory, and if there is nothing on your cursor.
Packets are then made up of bytes, words, and doublewords (dwords for short). Here is what they look like:
00 = one byte
00 00 = a word
00 00 00 00 = a dword (or 4 bytes!)
Let's look at the 33 packet, as it is often seen to be the most confusing to an unskilled packeteer. This packet sells an item to an NPC.
Here is the format of the packet.
33[XX XX XX XX][YY YY YY YY][ZZ ZZ ZZ ZZ][aa aa aa aa]
The 33 packet contains the first byte 33, then 4 dwords as shown above.
The first dword, [XX XX XX XX], is the ID of the NPC we want to sell the item to. Next we have the item ID, [YY YY YY YY], the second dword. The third dword, [ZZ ZZ ZZ ZZ], represents where we are selling the item from. The final dword, [aa aa aa aa], is the value in gold that the item will sell for. In reality we don't need to calculate it, as the server does it anyway. So enter any number; 01 01 01 01 is easy to type.
Now you have seen the structure of a packet, with its parts identified. All these packet structures can be seen in the d2hackers packet list:
URL to be appended
That's great, but how do I find the values for these 'ID's ?!?!
The next section covers common packet questions, and common sniffing tasks.
The simplest way to find an item ID is using the 19 packet. Place an item in your inventory. Set your sniffer to display 19 packets.
If you are using snifferxp or snuff with d2hackit, type the following:
.snifferxp show s 19
.snuff show s 19
Now click on the item. Your sniffer will display a line like this:
19[XX XX XX XX]
XX XX XX XX is the ID of the item!
Say your sniffer showed this: 190abd2f7e. The item ID is 0abd2f7e. We can test this in some other packets now. According to the packet list, the 17 packet to drop an item from cursor to the ground looks like this: 17[DWORD Item ID]
So if we type the following, with the aforementioned item on our cursor, it should fall to the ground:
Try it!
There are a couple of important received packets. Not because they affect the server in any way, but they allow you to beat some GUI restrictions.
The most important one (before people truly understood all of the packets, and for convenience) is the oneside packet.
Receive this packet in trade and it will seem like you are not in the trade. You are, but the graphic for the trade window has gone! You can run around, but you won't be able to send certain packets, such as 13, and many packets will cause Battle.net to drop you from the game. For example, if you send the 17 packet to drop an item to the ground in trade, or go onesided and drop it manually by clicking, you will still be disconnected from the game for trying to dupe.
OK, now you know something. Let's try some old patched methods. You need D2Hackit and snifferxp or snuff. Snuff is better and easier to use, so try with it.
This method is the old PotMatrix dupe; try it in single player, since it's patched on realms. Originally posted @ BH by Comi.
PotMatrix Dupe Example
Sells a belt item repeatedly without losing the item. Only worked for belt items, it was never possible to equip an item such as a ring to your belt and dupe it. Used to get lots of full rejuve potions, and to spawn gold for gambling.
Requires: 1 Person, D2Hackit + Modules(Snuff/Sniffer)
Can Dupe: Any belt item (scroll, potion)
Packets To Sniff: 13,19/24
1. Sniff the id (19 ZZ ZZ ZZ ZZ) of the item you want to dupe by lifting to cursor from inventory, or sniff the 24 ZZ ZZ ZZ ZZ packet by lifting item directly from belt.
2. Place the item in any belt slot.
3. Go into trade with an NPC, find the NPC's ID: (13 01 00 00 00 XX XX XX XX).
4. Send this packet:
33[XX XX XX XX][ZZ ZZ ZZ ZZ][02 00 00 00][01 00 00 00]
XX = Gheed ID
ZZ = Worn Item ID
5. The item will sell to the NPC and will not leave your body.
6. Buy the item back (if you have enough money).
7. Repeat as many times as you want.
I'll make it a little clearer.
- use d2 in windowed mode
- first load snuff with ".load snuff"
- since you need to see packets 13 and 19/24 type ".snuff show s 13 19 24"
The rest you should figure out by yourself. If everything goes fine, the potion should be sold at npc and you should still have it in your belt buffer.
Beginner's Guide to Packets
Here's a little tutorial I wrote some time ago. I've dusted it off and updated it a touch for 1.10. I don't know how useful it will be, but I'm sure someone will get something from it.
It covers basic loading of modules, sniffing, packet sending etc... as well as some simple theory.
Anyway... here it is:
D2Hackit / Packet sending FAQ/Tutorial for ******s (and oldies)
If you see it anywhere else then it's not where it should be.
1.1) What is D2Hackit?
1.2) Essential Files.
1.3) Installing D2Hackit and modules.
1.4) Running D2Hackit and modules.
2.1) What are packets?
2.2) Why send packets?
2.3) How do I send packets?
2.4) What does the "receive" command do?
2.5) How do I find out which packet does what?
2.6) What's a BYTE / WORD / DWORD?
3) Using packets to do something.
3.1) Getting IDs.
3.2) Picking up an item from your inventory.
3.3) Selling an item using packets.
1.1) What is D2Hackit?
D2Hackit is a program that loads itself "into" the D2 game. It ties into several of the core game functions, allowing module coders access to those functions to perform actions such as sending packets, as though it was the game itself that was carrying out those actions.
Although it has several very useful functions, D2Hackit is not an end in itself, but merely a means to an end. The real functionality and usefulness of it lies in the Modules which we use with it.
These can be as simple as packet senders/sniffers, or as complicated as a shopping bot.
1.2) Essential Files.
For the purposes of the tutorial sections, you will need the following files:
Be careful, and make sure you only download these files from trusted sites. Scan them thoroughly with up-to-date virus scanning software, and check your system after running them, to make sure you haven't inadvertently installed a keylogger on your machine.
1.3) Installing D2Hackit and modules.
Installation of D2Hackit is extremely simple. Just extract all the files from the zip to any directory on your hard drive. It doesn't matter in the slightest where you put it, so long as you know where it is.
Installing modules is exactly the same. Extract any modules you wish to use into the same directory as D2Hackit. There will normally be a .d2h file, and perhaps an .ini file and a .txt file also. Make sure these are all in the same directory as loader.exe.
1.4) Running D2Hackit and modules.
Once you have D2Hackit installed, and any modules you wish to load, you then need to get them working. This is done in the following way:
-Join/Create a game.
-Alt-tab to desktop.
-Find your D2Hackit directory.
-Go back to D2.
You should see some text telling you that D2Hackit has loaded successfully. Now to load our modules. I'm going to assume that we're loading the modules for the tutorials, but the process is identical for any others too:
-Press enter to get a chat box.
-Type .load <modulename> (e.g. .load sniffer, .load bind, .load block)
You should see a message saying the module is loaded, and perhaps a brief mention of the author.
If you want to get help or see a list of commands available in a module, type:
to see all of the basic D2Hackit commands, or:
For a list of all commands in a specific module.
For help on a specific command, use:
.<modulename> <command> help
.pickit toggle help
.sniffer hide help
.bind set help
2.1) What are packets?
To understand what packets are, and how they relate to D2, you first need a little background on how D2 works when playing on closed bnet.
D2 runs as two different pieces, a server program and a client program. The server program is what actually runs the "game"... it's where everything actually happens.
The client program acts as a "window" into that game, allowing you to see what's going on, and to interact with the game.
When you play on closed bnet, the server is run on Blizzard's machines, and only the client is run on your personal computer.
Packets are pieces of information and instructions sent to and from your machine allowing you to see and interact with the game. Almost every action you do (Walking, Attacking, Picking up items) involves a packet being sent to the server, and everything you see happening (other people attacking, other people dropping items) involves a packet being sent from the server to you so that you can see it.
Diablo 2 packets typically consist of a single-byte identifier (2 hex digits, such as 13) followed by several pieces of data, usually organised into DWORDs (groups of 4 bytes, or 8 hex digits).
2.2) Why send packets?
There are many reasons why you would want to send packets.
At the basic level, packet sending can be used to perform basic tasks within the game. You can pick up items, drop them, interact with NPCs etc just using packets.
At a more advanced level, packet sending can be used to perform actions at the wrong times, or in a way which you would not be able to do using the standard game client. This is useful for discovering loopholes, and exploits, which can then be turned into hacks.
2.3) How do I send packets?
Very handily, D2Hackit has a built-in command which allows you to send any packet you like to the game server.
This command is .send, and is used like this:
Where xx represents the packet you wish to send, and varies in length according to the packet type.
Please note that all packets are in Hexadecimal (base-16) notation, and therefore must be an even number of letters/numbers in length. For more information on using hex, search Google.com, there are many tutorials available on how to use it.
Information on different packets and their uses can be found on the Blizzhackers forums in a permanently stickied thread called "packet list" and several of the more common packets will be covered later in this tutorial.
2.4) What does the "receive" command do?
Packets are sent both ways whilst you are playing D2. Some of them are sent from you to the server, but some are also sent from the server to you.
You may be curious to find out what happens when you receive a particular packet, and to find this out, the receive command is used. It fools D2 into thinking that the packet came from the server.
The use of the function is exactly the same as the send command, and is:
Where xx is the packet you wish to receive, and can vary in length. Again, the packet is in Hex, and the usual rules apply.
2.5) How do I find out what packet does what?
There are many different ways to do this.
The simplest way is to look in a packet list, such as the one on Blizzhackers, which lists most common packets and what they do.
If you want more detailed information, then you may need to sniff packets.
For sniffing packets, we use a sniffer module. Most people use either Sniffer or SnifferXP. It's a matter of personal choice and either functions well, but for this tutorial I am assuming you are using the basic Sniffer module.
To sniff packets with sniffer, there are two ways to go about it. You can either sniff for specific packets, or sniff for all packets.
To sniff for a specific packet, use the following method:
-Ensure D2hackit and sniffer module are loaded.
-Type ".sniffer show s xx" to show all packets sent with the ID xx
-Type ".sniffer show r xx" to show all packets received with the ID xx
When the packets are sent or received, you will see them shown at the top left of the screen.
Sometimes you will want to find a packet for an action, but won't know the ID. For this you can sniff all packets. To do this:
-Ensure sniffer/D2Hackit are loaded.
-Type ".sniffer load show-all"
All packets sent and received will now appear.
To disable it, type ".sniffer load default".
2.6) What's a BYTE/WORD/DWORD?
All of these refer to hexadecimal numbers of a specific length. The precise meaning of WORD and DWORD varies from platform to platform and processor to processor, but for the purposes of D2 hacking and available packet lists, the meanings are as follows:
BYTE = 8 bit binary number = 2 digit hex number
WORD = 16 bit binary number = 4 digit hex number
eg 2F 09
DWORD = 32 bit binary number = 8 digit hex number
XX XX XX XX
eg AB 2E FD 04
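The packet layouts quoted so far on this page (13, 17, 19, 24, 33 and 60), built from the BYTE and DWORD units defined in "How is a Packet Made Up?" and in 2.6, can be checked mechanically when reading a sniffer log. The decoder below is an added example, not part of either guide or of D2Hackit; the field names are illustrative, the NPC ID in the sample is constructed, and reading a DWORD as a little-endian integer is an assumption the page does not state.

```python
# Added example: decode sniffed Diablo 2 packet lines using the layouts on this page.
# Field names are illustrative; they are not taken from any official specification.
LAYOUTS = {
    0x13: ("interact with object/NPC", ["interaction_type", "target_id"]),
    0x17: ("drop item to ground", ["item_id"]),
    0x19: ("pick item up from inventory to cursor", ["item_id"]),
    0x24: ("pick item up from belt", ["item_id"]),
    0x33: ("sell item to NPC", ["npc_id", "item_id", "location", "cost"]),
    0x60: ("switch weapons", []),
}
DWORD = 4  # bytes per dword


def decode(line):
    """Return (description, {field: wire-order hex}) for one sniffed packet."""
    digits = "".join(line.split())          # accept "19 0a bd .." and "190abd.."
    if not digits or len(digits) % 2:
        raise ValueError("packet must be a non-empty, even number of hex digits")
    raw = bytes.fromhex(digits)             # raises ValueError on non-hex input
    packet_id, body = raw[0], raw[1:]
    if packet_id not in LAYOUTS:
        raise ValueError(f"no layout known for packet {packet_id:02x}")
    description, names = LAYOUTS[packet_id]
    if len(body) != DWORD * len(names):
        raise ValueError(
            f"packet {packet_id:02x} needs {len(names)} dword(s), got {len(body)} byte(s)")
    fields = {n: body[i * DWORD:(i + 1) * DWORD].hex() for i, n in enumerate(names)}
    return description, fields


def le_value(dword_hex):
    """Assumption: dwords are little-endian integers, so 01000000 reads as 1."""
    return int.from_bytes(bytes.fromhex(dword_hex), "little")


def decode_log(lines):
    """Decode many lines, collecting malformed ones instead of stopping."""
    good, bad = [], []
    for line in lines:
        try:
            good.append(decode(line))
        except ValueError as err:
            bad.append((line, str(err)))
    return good, bad


# Constructed sample: the item ID is the page's example, the NPC ID is made up,
# and the last line is deliberately one byte short.
SAMPLE = ["190abd2f7e", "60", "33 01020304 0abd2f7e 00000000 01010101", "17 0a 0f e5"]

if __name__ == "__main__":
    for entry in decode_log(SAMPLE):
        print(entry)
```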
3) Using packets to do something.
Okay, so now you know what packets are, how to send them, receive them, and see them, so what can we actually do with them?
The examples I will give here are only basic ideas to show you how to go about using packets, and are in no way the be-all and end-all of packet techniques, but they will give you a place to start, so you can explore more fully on your own.
3.1) Getting IDs.
Everything in the Diablo 2 world has a unique ID number. This is so the server can keep track of all the items, monsters, NPCs and players.
Most packet actions will require one or more IDs to function correctly. This may be an NPC ID, a player ID, an item ID, or one of many others.
Getting an ID is usually just a case of sniffing an interaction packet and looking in the right place.
To find an NPC ID:
-Sniff sent 13 packets (.sniffer show s 13)
-Click on an NPC.
You should get a packet that looks like this:
xxxxxxxx is the interaction type.
yyyyyyyy is the ID of the thing you're interacting with.
You can use this to get the IDs of other things too, like your stash, quest objectives, waypoints etc.
To find an Item ID:
-Put the item into your inventory.
-Sniff sent 19 packets (.sniffer show s 19)
-Pick up the item from your inventory.
You should get a packet like this:
xxxxxxxx is the ID of the item.
3.2) Picking up an item from your inventory.
This may sound like a simple task, but it will give us a little practice at using the sniffer module, the bind module, and the send function in D2Hackit.
We are now going to make it so that we can lift an item out of our inventory onto the pointer just by pressing a key.
-First make sure D2hackit, Sniffer, and bind are loaded.
-Sniff the ID of the item (as described above)
-Put the item back in your inv.
-Send the packet again. ( 19[Item ID] )
This should lift the item out of your inventory and place it on the cursor. But wouldn't it be great if we could do that just by pressing a key? Here's how:
-Put the item back into your inv again.
-Enter the command ".bind keycode" and then hit a key. This will give you a 2-digit number which is the keycode for that key; we will call that "xx" from now on.
-Enter the command ".bind set xx xx send 19yyyyyyyy" where xx is the keycode (yes, enter it twice) and yyyyyyyy is the item ID.
-Now, close your inventory and hit the key you just bound.
This should lift the item from your inventory without the screen being open at all.
You can bind any commands you like to any key you like using this method.
It's handy for sending packets in situations where typing is not allowed (the imbue screen, for example).
3.3) Selling an item with packets.
Now we've sussed out how to pick up an item from our inventory, let's see if we can tackle something a little more tricky. This time we will sell an item to an NPC using packets.
For this we will need both an NPC ID and an Item ID, so follow the steps above to find those.
For this exercise, we are going to be using the "Sell item" packet. This has the general format:
33[NPC ID][Item ID][DWORD][Cost]
-Get your NPC ID and Item ID ready, then get into the tradescreen with your chosen NPC.
-Make sure the item you are selling is in your inventory.
-Use the command ".send 33xxxxxxxxyyyyyyyy00000000zzzzzzzz" where x is the NPC ID, y is the item ID, and z is the cost (use any value you like, it won't make a difference).
Bingo, item is gone from your inv, and is sold to the NPC, using packets.
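Seen from the server side, the sell packet in 3.3 and the PotMatrix behaviour described in the first guide both come down to which client-supplied fields the server trusts and whether the item is removed before gold is paid. The handler below is an added example of an authoritative sell check, not Battle.net code and not from either guide; the class, function and location names, the prices and the inventory-only policy are all hypothetical.

```python
# Added example: toy server-side sell handler. Not Battle.net code; all names hypothetical.
SELLABLE_FROM = {"inventory"}   # assumed policy: belt and equipped items cannot be sold


class Player:
    def __init__(self, player_id):
        self.player_id = player_id
        self.gold = 0
        self.trading_with = None   # NPC ID of the open trade screen, if any
        self.slots = {"inventory": set(), "belt": set(), "equipped": set()}

    def locate(self, item_id):
        """Where the server itself believes the item is, or None."""
        for name, ids in self.slots.items():
            if item_id in ids:
                return name
        return None


def handle_sell(player, npc_stock, prices, npc_id, item_id, claimed_location, client_cost):
    """Process one sell request; returns 'ok' or a rejection reason."""
    # State check: selling is only valid inside a trade with this exact NPC.
    if player.trading_with != npc_id:
        return "reject: no open trade with this NPC"
    # Ownership and location come from server state, never from the packet.
    actual = player.locate(item_id)
    if actual is None:
        return "reject: sender does not hold this item"
    if actual != claimed_location:
        return "reject: location field disagrees with server state"
    if actual not in SELLABLE_FROM:
        return "reject: item cannot be sold from " + actual
    # Remove the item from its real container before paying, so the item and
    # the gold can never both exist afterwards.
    player.slots[actual].remove(item_id)
    npc_stock.add(item_id)
    # client_cost is ignored on purpose; the price is looked up server-side.
    player.gold += prices[item_id]
    return "ok"


def demo():
    """Constructed scenario: one inventory item (7) and one belt item (8)."""
    p, stock, prices = Player(1), set(), {7: 50, 8: 20}
    p.trading_with = 0x10
    p.slots["inventory"].add(7)
    p.slots["belt"].add(8)
    results = [
        handle_sell(p, stock, prices, 0x10, 7, "inventory", 0x01010101),
        handle_sell(p, stock, prices, 0x10, 7, "inventory", 0x01010101),  # replay
        handle_sell(p, stock, prices, 0x10, 8, "belt", 0x01010101),
        handle_sell(p, stock, prices, 0x11, 8, "inventory", 0),
    ]
    return results, p.gold, sorted(stock), sorted(p.slots["belt"])
```

A repeated sell of the same item is rejected because the first call already moved it out of the player's containers, and the belt item stays where it is with no gold credited.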