diablo ii dupe history

community theories — bugged items, area 51

apr 15, 2019

not my writing

I did not write this. I scraped it from the web years ago and am storing it here for legacy reasons — it's a fascinating piece of Diablo II history that I did not want to lose when source pages rot away.

All credit belongs to the original author(s): Morgalis, bootyjuice, Liconics, herzog_zwei, Thrawn, with supplemental material from the two Brians. The piece was surfaced to me via a Reddit thread on r/Diablo.


bugged items — area 51

The following information has been the culmination of the research done by: Morgalis, bootyjuice, Liconics, herzog_zwei and Thrawn. Many thanks to Brian and Brian for confirming things and important supplemental information.

Bugged items. What really is a bugged item after all? An item with insane mods? The properties of one item on another? Things that seem impossible to drop?

Of course we all wanted this method. herzog and I spent many hours going over the possibilities of "fusing", and bootyjuice invested many hours in trying to uncover how some 1.08 items were able to get past the dupe scanner. It is my opinion that Liconics has tried to replicate any instance where it could happen and thoroughly exhausted every possibility.

1.08 was a great patch in the fact that the items were awesome and rare items could be dropped with up to 6 mods. Some really great things dropped, and we see them sold on eBay after they had been duped beyond imagination. The eBay market is controlled by several key players, and the most important, the suppliers.

All of this has been about money. If there was not eBay, the items available would be scarce and not so widely duped. The market would be based on item values — not the dollar value that it is. The ultimate ironic thing is that I personally had it logged of what people were doing, but it never clicked in.

the economy

There was a point when D2 turned into a value system outside of soj's. It turned into an eBay cash market and duping was no longer a pursuit of gaining online wealth; it walked out to the real world and became an income for a lot of people. There is not a channel that you can sit and idle or chat in that does not have some sort of spam bot advertising items to buy from them — and often they will advertise bogus sites with trojans, luring people's greed to the elusive ith/dupe/fusing methods that just plain do not exist.

We used to complain about how the market on bnet was ruled by soj's… back in patch 1.05 you could trade 5 pskulls for a soj. The perfect skull was the $1 bill and soj's the $5. They worked in tandem to all good traders. You could gamble uniques then, so it was a great deal. The Bnet economy was set by what was available.

SOJ's remained the currency for a very long time, and items fluctuated in their values until the permanent duped 1.08 uniques flooded the market. Suddenly .08 valors, grandfathers and windforces became a new commodity value, and people had to trade a lot of soj and other items to get them. They were the best! A dupe that never deletes. It was worth everything.

As those new items flooded the market, the value of the soj took a nose dive. In their place grew the value of the 40/15. You could get it in all different kinds of colours, and they too were permanent. eBay was flooded with offers of $100's of dollars for an inventory full of them. Suddenly you had the cash value on BNet once again. But that is never enough for the people who have the money at stake. In came pdsc [poison damage small charms] by the inventory full and depending on the realm, 3/20/20 sc became available. But the eBay market was not finished there.

In flocked the occy soj's. These were amazing rings that everyone had to have. For 5 40/15 or a WF or a few other things, you could land yourself the best rings for a sorc to mf with. And again, the eBay Market soared, and the occy soj took over the reins as the cash value on bnet again. In 18 months, the economy of BNet turned tail from perfect skulls to occy soj's and the eBay sellers were in business for themselves.

As the value of the occy soj's started to drop, the eBay sellers introduced new items to perk up the sales. Constricting rings were introduced to the realms. What a cash cow that was! The ultimate ring that was impossible to drop, was on all three realms! Prices started nearly $500 each, and people paid that value to have the rarest ring in the game. Too bad that it dropped to $6 in less than 2 months.

The Bnet economy and the eBay market seemed to level off and traders online drew a sigh of relief as their legit goods were once again worth something. But there was one more mass production waiting in the wings and just when people least expected it, the white ring became prominent on both the eBay and BNet markets. Of course, the white gauntlets were around, but the focus was on white rings since they drew the bigger attraction and more value as your character could have two of them. Once again up went the prices on eBay and BNet. As people poured out cash on eBay, the BNet economy paid with more and more items, focusing on the godly Windforce, high level runes and occy soj's and constricting rings.

The market was alive, but it just wasn't enough. And out came the white hexing charms that fetched a huge value on eBay once again. The BNet market was ruined yet one more time, but those who didn't care infested it even more, and at the point of writing this, the current value system is placed on the white items, constricting rings, and unid'd Windforces.

The common player would have no luck trying to trade for their small requests. Text flies by on the screen of the trading channels with people offering these new godly items and not accepting anything other than… well… the other godly items. BNet economy from a player's point of view went to hell. eBay flourished.

There are a couple of common things I have touched on. One is the fact that the eBay market seems to dictate what is BNet currency. The other is that I have made a clear distinction of items.

analyzing items

There are bugged items, and then there are illegal items. The difference between the two of them is that bugged items were created through a rolldown or a rare that spawned incredible mods. Illegal items are ones that have been brought to the realm and never have dropped. Of course the best items turn out to be the illegal ones.

why is that?

Illegal items are the things that Blizzard didn't create, and are considered the Godliest items in the game. And of course, who would not want to make the best of the best!! If you could choose an item, would you not want it to be the BEST?

Everyone has toyed with the idea of fusing items together, that is how they made things like occy soj's is it not? It seemed to be the only explanation and it is from that assumption that people determined, and accepted, that they were fused.

The one argument against the "fusing" is that there were discrepancies in the USEast and USWest occy sojs. USWest had faster cast and USEast had faster block. An occulus has faster cast rate, so creating an occy soj on USEast that had faster block through a fusing method, was proven invalid.

Meph is the one boss in the game who repeatedly drops items that rolldown with other item stats. This is how such things as the Cliffkiller amulet, Buriza Armor and Wizardspike gloves came to be. There are also other curiosities that collectors keep such as the Rockstopper Sallet and Bloodtree Stump Armor.

Illegal items are a different story.

The 1.08 uniques that get past the dupe scanner defied all known theories. They behave like a normal item [pots, scrolls] where they could pass in and out of games, based on the same server id's. The final deduction that bootyjuice came up with was the possibility of a flag set on the server id so they would act like common items. This was not really the case.

The biggest debate about real/hacked items is on the constricting ring. It has never officially been reported that it was ever enabled, but there are constricting rings on Europe, USWest and USEast. These two defied the ability to prove them to exist, since their values in -all- mpq files state that they have -30 life drain and the ring on the realms states -10 life drain. If you head to the Arreat Summit, you will see that the Constricting Ring has been removed. That in itself says a lot.

There are a few items that can simply be explained as a 1.08 item. During patch 1.08 it was possible to have a drop of up to 6 mods, as well as being able to take any "name". There are many rare items that are just fabulous and they get wrapped up into the "bugged" items list. In actuality, only those rare bugged items dropped in 1.07 can be safely duped. Any rare dropped item in 1.08 that rolled down great mods will delete to the dupe scanner. Any rare item that is beyond patch 1.07 and gets past the dupe scanner should be considered an illegal item.

Iths are a combination of an item created via an exploit and are now filled with bugged jewels. eBay is infested with "new bugged ith" when in reality, the only thing that is different from them is the fact that they were filled with bugged jewels. People are once again lured into the glamour of an Ith creator since that seems the reasonable explanation for the "new bugged iths" when in actuality, it is just a template that has been duped and filled with the new 'bugged' jewels. Ith's were only made possible when the exploit existed to identify and sell the runes in an item. That has been patched for almost a year now, and there is no other possible way that an ith can be 'created', it can only be duped.

so why are there new things now?

Again this all goes back to the eBay market. Where there is supply, there is demand, and it took a smart business man to plan the unveiling of new items onto the eBay market. It's all about money. To have spread everything around at once, it would have lost them money. Many people live from their income selling d2 items. If you want an item, you can probably find it on eBay, and if it gets traded into the right person's hands on BNet, it will definitely get to eBay.

There have been several duping methods that have paved the road for how many items of the same kinds are on bnet. The most lucrative was the rollback games, where entire inventories could be dropped and duped within a matter of minutes. Anything that would pass through the virus scanner was fair game, and the inventories of the suppliers filled. Depending on the supplier, a reseller could place a custom order for items by simply giving what they wanted copied, and it was returned to them for a fee.

When an exploit was fixed, they merely worked on finding a new one, or offering insane amounts of money to buy one. From a mere $200 to $10,000, a dupe could be bought. For the financial investment from the beginning, the returns from a dupe method were far more than triple that. Some sellers/resellers will have over $10k listed on eBay at one time, depending on what is available on the market.

As I explained before, the suppliers let things out slowly to maintain a good financial market as well as corresponding to the latest dupe methods. Once a desirable item was found and bought/traded for, they were able to start reproducing it. This gave the illusion that there was always something new created/found. In actuality, items have been in inventories for a long time, just not publicly released.

okay, so how did they do it?

The theory that it was a Blizz employee adding items to accounts is false. There has been a lot of speculation on whether or not they were imported from Open to Closed. Well it is true.

In April they were able to get open players into the bugged games, so that they could create new items on the realms. Since the bugged games were unable to save for some characters, the open character could come in, drop and leave without detection. The hole was sealed in April when they were tipped off by a programmer who remained anonymous. It wasn't until 6 months later that it was discovered and confirmed that it had happened.

To be able to use an open character it was necessary to understand how the out-of-game packets worked. The exploit allowed open characters to get into a game by sending an out-of-game packet as it joined the game. In using the non-saving games, the realm server was not connected to the game, and therefore it didn't drop the player like a hot potato, it allowed entry.

When the code was vulnerable it worked like this:

BUGGED GAME

Player A - saving character holding the game

Player B - nonsaving character

Player C - Open character

Players D and above - in and out for muling the goods

They obviously worked more than one at a time, but this is just a simple explanation of the process of doing it.

Player A always had to be there to save the game, and they would have run some sort of script to keep it active. Player B was capable of rejoining and dropping the items over and over again. Player C was brought in, sending a packet when joining the game and was accepted by the realm server. Players D and above were saving characters that came and took the stuff out.

Now when you had Player C — the open character — enter the game, you then imported the inventory onto the realm. With Player B — the nonsaving character — you could empty an inventory and stash, leave and do the same. A rinse and repeat, and you can fill entire accounts with whatever you want. It would have made more sense to have more than one nonsaving character coming in and out, but this is just a bare bones operation.

why can't this be done anymore

Blizzard was tipped off by someone whose name I am not privy to. After testing on their own, they found out that indeed you can send that packet to get the realm server to accept them into the game. From there, it was a patch to put an end to the whole thing. It's really been gone that long, since early May.

There was a system put in place that automatically flagged anyone attempting to do the same thing, and as a result, they get tagged/banned. You can attempt to join an open game on a closed realm ip, but all you are getting is the illusion of getting there. Once you are in a closed game, the realm server sends you the information on your character. That's the huge sanity check. You cannot tell the game who you are, it must tell you.

During the non-saving games, some people did not connect to the realm server, and were therefore allowed to say "I exist in this game". This open door allowed Open characters to say "I exist in this game and so do all of the items on my character". When the exploit was patched, non-saving characters could still say "I belong in this game" but open characters never had the chance. The door had been sealed shut.
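The "you cannot tell the game who you are, it must tell you" rule, as an added sketch that is not part of the original article and is not Blizzard's or d2gs code: a join handler that falls back to client-supplied state when the realm link is down, beside one that only ever uses realm-held state and logs the attempt. Every class, function and field name here is hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass, field

class RealmUnavailable(Exception):
    """Raised when the game server has no link to the realm server."""

@dataclass
class JoinRequest:                      # hypothetical join packet
    account: str
    char_name: str
    claimed_items: list = field(default_factory=list)  # client-supplied state

class RealmStore:
    """Stand-in for the realm server's authoritative character records."""
    def __init__(self, chars, online=True):
        self.chars, self.online = chars, online

    def load(self, account, char_name):
        if not self.online:             # models the article's "bugged game"
            raise RealmUnavailable("realm link down")
        return list(self.chars[(account, char_name)])

def join_fail_open(req, realm):
    """Flawed design: when the realm cannot answer, believe the client."""
    try:
        return realm.load(req.account, req.char_name)
    except RealmUnavailable:
        return list(req.claimed_items)  # "I exist, and so do all my items"

def join_fail_closed(req, realm, audit):
    """Server-authoritative design: the game tells the client who it is."""
    if req.claimed_items:               # a realm client never needs to send this
        audit.append(("client_supplied_state", req.account, req.char_name))
        return None
    try:
        return realm.load(req.account, req.char_name)
    except (RealmUnavailable, KeyError):
        # Assumption: refuse every join the realm cannot confirm, which is
        # stricter than the fix the article describes.
        audit.append(("join_refused", req.account, req.char_name))
        return None

if __name__ == "__main__":
    # Constructed sample data, not real game records.
    realm = RealmStore({("acct1", "Sorc"): ["short staff"]}, online=False)
    forged = JoinRequest("acct1", "Sorc", claimed_items=["constructed ring"])
    audit = []
    print(join_fail_open(forged, realm))           # client's list is accepted
    print(join_fail_closed(forged, realm, audit))  # None
    print(audit)
```

The audit entries correspond to the flagging the article mentions: a client that volunteers its own character state is recorded and refused instead of being silently ignored.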

really, can't you do it anymore?

If you want to try, go right ahead, but you'll come back to this and say "Ok, I give up." Without the 2 qualifications of 1) a bugged game and 2) the server accepting that packet, it is impossible to repeat this.

how did they figure this out?

The only way to have learned this is to have worked on their own server and researched and developed this, as with many other hacks. The person responsible for it kept up to date with all blizzard patches, so that it could be developed at the same rate. The server used was d2gs — Diablo 2 Game Server, and the prominent thing about choosing that, is it uses D2Client dll's that are illegal in most countries.

why should anyone believe you?

Without revealing anyone's names, let me offer up some of my icq logs.

april 10, 2002

"…with my own server, i have found lots of bugs such as duping, crashing, even uploading…"

"…'uploading' here means you can make a open character into closed character…"

"…and you can make any items and then upload it if you like…"

april 12, 2002

"…i never play on battle.net, but i think i am the richest player in all realms…"

january 2003

"…There was a bug last year where the server accepted the character packet that an open game sent. It never should have done so, and I fixed it as soon as it was brought to my attention…"

so who found this out?

I retain his identity, mainly for the fact that I have not spoken to him regarding all the information that was collected and melded together. He's been around for a while, and has been an integral part of D2Hacking. I won't say more, it's just not right, but know that he plays a big role, despite the fact that he appears to be inactive.

what else can you tell me?

Lots of research went into discovering who were the main suppliers for the eBay market. It is amazing how much was collected.

Name:              Zheren(first) Zheng(last)
Address:           Building 28 Tsinghua University Beijing China
ZipCode:           100084
Description:       Height 177CM, Black Eyes, Black Hair, Yellow Skin
Permanent Phone:   *withheld*
Cell Phone:        *withheld*
USWest chat:       Smth_trade
USWest duping:     Temp-Work

Zheng worked with one partner, and from there, he began to sell the method. It is reported that it was sold to German brothers for no less than $10,000, one of each controlled the USEast and USWest realms alongside with Zheng and his partner.

are you positive this cannot be done anymore?

The eBay suppliers are not "supplying" fresh stock. Anything they have is based on the last dupe. I'll go as far as saying that the Player Not Found issue has affected them as well. Just watch eBay and you can see what I mean.

The only reason we see the surge in white rings, gauntlets and hexing charms is that they got out to the public, and people duped them in the last gold dupe. They are not new, just new to most people.

how did you get all this information?

I could not have brought all of this information together had I not had the pleasure of working with such respected coders as bootyjuice, Liconics, herzog_zwei and Thrawn. Supplemental information was given to me by the 2 Brians, to whom I am ever grateful. There has also been some anonymous passing of information that I uphold their anonymity. It is the combined effort of all of us that I have been able to piece this together.

The biggest parts of information came from my logs. Putting 2 and 2 together never occurred, and had I not been looking for some other information in early October, I would not have discovered the confirmed method. Uploading. My thanks to the two guys that were the evidence to successfully conclude this is how it was done.

original source thread: r/Diablo on reddit