Can a HWID Spoofer Protect Against Riot Vanguard?

No, not at commercial pricing. Riot Vanguard reads 12+ identifiers including TPM 2.0 endorsement keys and PCR values, enforces a UEFI firmware allowlist (VAN:Restriction), loads as an Early Launch Anti-Malware driver before any other kernel module, and ships per-week signature updates. No commercial spoofer in May 2026 credibly survives Vanguard sustainably. RawCheats does not sell Valorant cheats partly for this reason. Vendors claiming Vanguard support at $5-30/month are misrepresenting.

Can a HWID Spoofer Beat TPM 2.0?

No. TPM 2.0 endorsement keys are signed by the TPM chip manufacturer at production and stored inside the chip itself — they cannot be rewritten from software. Anti-cheats that read TPM EK and PCR values (Vanguard, COD: Black Ops 7 via Remote Attestation, FACEIT, Fortnite tournaments) get a cryptographic identity no commercial spoofer can fake. The only public TPM-spoof attempt — Samuel Tulach's tpm-spoofer POC — is unstable research code.

What Is Microsoft Pluton and Why Does It Matter for Cheats?

Microsoft Pluton is a CPU-integrated security processor shipping on AMD Ryzen 6000+ and Intel Core Ultra processors that provides chip-to-cloud attestation — a cryptographic identity computed by silicon and verified by Microsoft's cloud. It replaces software-readable hardware identifiers with a silicon-rooted attestation that no consumer spoofer can fake. Used today by Call of Duty: Black Ops 7 via Microsoft Remote Attestation. Long-term, Pluton ends the era of HWID spoofers for titles that adopt it.

Raw Spoofer is RawCheats's in-house HWID spoofer — a signed kernel driver that randomizes 16 hardware identifier categories per session against EAC, BattlEye, NeacSafe, Warden, and Ricochet. It runs as an external process (not injected into the game), supports Windows 10 + 11 on Intel and AMD, and costs $4.99 per month. It does not spoof TPM EK, Pluton, or beat Vanguard — and we say so explicitly.

Why Doesn't RawCheats Sell Valorant Cheats?

RawCheats does not sell Valorant cheats because Riot Vanguard is the hardest kernel anti-cheat in the industry. Vanguard reads TPM endorsement keys, runs as an ELAM boot driver from cold-boot before any other software loads, and the VAN:Restriction UEFI firmware allowlist blocks unsigned hardware-level cheats. The cost of sustained Vanguard bypass engineering does not match consumer-tier cheat pricing. We focus on games where we can deliver real value, not games where we'd sell brittle products that fail in weeks.

Can HWID Spoofer Beat Vanguard? Honest 2026 Answer

Vanguard is the hardest anti-cheat target in 2026 by every measurement. Reverse-engineering effort required, identifier breadth, boot-order priority, signature update cadence, TPM integration — every dimension makes Vanguard harder to bypass than EAC, BattlEye, or any other production anti-cheat. Here is the honest breakdown of why and what it means for spoofers.

ELAM boot order

Vanguard's vgk.sys loads as an Early Launch Anti-Malware (ELAM) driver. ELAM is a Microsoft-defined driver class that boots before almost any other kernel driver — earlier than typical anti-virus, earlier than third-party storage drivers, earlier than any consumer spoofer's driver. By the time a spoofer driver tries to install its hooks, vgk.sys is already loaded, already monitoring kernel-mode driver loads, and already validating the boot chain. The race to load before the anti-cheat — which is winnable against EAC and BattlEye — is fundamentally not winnable against Vanguard via standard driver loading.

TPM 2.0 endorsement key reads

Riot's Vanguard documentation makes the TPM 2.0 requirement explicit on Windows 11 — the VAN9001 error is the kill switch when TPM 2.0 is missing or disabled. Vanguard reads the TPM Endorsement Key directly via tpm.sys and verifies the EK signature against the TPM vendor's root certificate. The EK is signed by Infineon, STMicro, or Nuvoton at chip manufacture; it cannot be rewritten from software. Vanguard also reads PCR (Platform Configuration Register) values — cryptographic measurements of the boot chain — that no software spoofer can fake without breaking the boot chain itself.

UEFI firmware allowlist (VAN:Restriction)

Vanguard maintains a list of UEFI firmware versions known to contain exploitable vulnerabilities. When a player's UEFI version matches the deny list, Vanguard issues VAN:Restriction and refuses to allow play. This eliminates an entire category of bypass — running an older BIOS with a known vulnerability that lets you persist into UEFI NVRAM. There is no equivalent on EAC or BattlEye.

12+ identifier composite

In addition to TPM EK and UEFI version, Vanguard reads: SMBIOS (all 6 fields), motherboard serial, disk serials, MACs, GPU UUID, monitor EDID, RAM SPD serials, USB controller IDs, CPU ID via kernel __cpuid. The composite is wider than any other production AC and cross-validated — a successful spoof would need to randomize 12+ identifiers simultaneously in ways that are internally consistent and that match the TPM-rooted attestation. No commercial spoofer credibly does this.

Update cadence funded by Riot's revenue

Vanguard is staffed by a Riot-funded team that ships signature updates roughly weekly. Riot's revenue from League of Legends and Valorant funds an anti-cheat program that no consumer spoofer vendor can match for engineering hours. Every detection of a hook pattern propagates to a signature update within days. A spoofer that bypasses Vanguard on Monday is signature-detected by Friday. Sustained bypass requires continuous engineering at a scale that does not match $5-30/month consumer pricing.

Ban-wave scale

Riot disclosed 2.3 million HWID bans in 2025. The January 2026 wave took down 340,000 accounts in 5 days specifically targeting outdated spoofers. The economics of Valorant cheating are upside-down: cheat for a week, get caught, eat a hardware ban that takes you out of the Vanguard ecosystem entirely (League of Legends also runs Vanguard on Windows 11 now). The cost-of-ownership math does not work.

Tulach's TPM-spoofer POC

The only public attempt at TPM EK spoofing is Samuel Tulach's tpm-spoofer. It is research-grade code, not a product. Known reliability issues. Recent Vanguard updates have added detection for the specific hook patterns it uses. Tulach archived the related mutante project years ago as obsolete. Vendors who cite Tulach's work as the basis for their "Vanguard spoofer" are either misrepresenting what they actually ship or shipping the POC code unchanged with all its known instabilities.

Why RawCheats does not sell Valorant cheats

We are explicit about this. Vanguard's combination of TPM EK + UEFI allowlist + ELAM + 12+ identifier composite + weekly updates + Riot-funded staffing makes a sustained Vanguard bypass an order of magnitude harder than any other AC. The cost of maintaining a working bypass at consumer pricing does not work. We sell six game cheats (Fortnite, Rust, PUBG, Overwatch, Marvel Rivals, Arc Raiders) and Raw Spoofer for the anti-cheats those games run (EAC, BattlEye, NeacSafe, Warden + Ricochet). Valorant is intentionally out of scope. Vendors who promise Valorant coverage at $30/month are either lying or running infostealer payloads — per the Acronis TRU coverage of fake game cheats.

What this means for the broader AC landscape

Vanguard is the model that Microsoft is pushing every AC vendor toward. Pluton + Remote Attestation extends Vanguard's TPM-rooted approach to titles like COD: Black Ops 7. The trajectory is clear — TPM-rooted attestation will spread. Track that direction in TPM, Pluton, and Remote Attestation outlook for 2027. For now, Raw Spoofer remains effective on EAC, BattlEye, NeacSafe, Warden, and Ricochet because those ACs do not require TPM-rooted attestation. Vanguard is the wall.

For the deeper Vanguard-specific cluster, see HWID Spoofer for Vanguard — why it is the hardest target.