RAW
RAWCHEATS
All Answers
hardware_spoofer

Can a HWID Spoofer Beat TPM 2.0?

No. TPM 2.0 endorsement keys are signed by the TPM chip manufacturer at production and stored inside the chip itself — they cannot be rewritten from software. Anti-cheats that read TPM EK and PCR values (Vanguard, COD: Black Ops 7 via Remote Attestation, FACEIT, Fortnite tournaments) get a cryptographic identity no commercial spoofer can fake. The only public TPM-spoof attempt — Samuel Tulach's tpm-spoofer POC — is unstable research code.

RawCheats Anti-Cheat Research Team — Anti-Cheat Research TeamUpdated May 12, 2026

TPM 2.0 broke the spoofer model that worked through 2024. The honest answer to "can a spoofer beat TPM 2.0" is no, and any vendor telling you otherwise is selling fiction. Here is the technical reason, the current state of research, and what it means for what you can actually still cheat on in May 2026.

What TPM 2.0 actually stores

A Trusted Platform Module 2.0 chip is a discrete piece of silicon — either soldered onto your motherboard (dTPM) or integrated into your CPU as a firmware TPM (fTPM, including AMD's PSP-based TPM and Intel's PTT). At manufacture, the TPM vendor (Infineon, ST Microelectronics, Nuvoton) generates an Endorsement Key (EK) inside the chip, signs it with their root certificate, and burns it into the TPM's protected storage. The EK never leaves the chip in plaintext; cryptographic operations using it happen inside the TPM silicon. The Platform Configuration Registers (PCRs) hold cryptographic measurements of the boot chain — UEFI firmware, bootloader, OS kernel — that update at every boot and cannot be rolled back by software.

Why software cannot spoof EK

A HWID spoofer operates from kernel mode on the Windows side. The TPM is on the other side of a hardware bus (LPC, SPI, or the internal CPU fabric for fTPMs). Reading the EK goes through tpm.sys, which talks to the chip via TPM 2.0 commands defined in the Trusted Computing Group spec. The spoofer can hook tpm.sys and lie about what comes back — but the anti-cheat verifies the returned EK against the manufacturer's root certificate chain. A randomly-generated fake EK will not verify. Worse, modern anti-cheats use the TPM to perform cryptographic challenges: the AC sends a nonce, asks the TPM to sign it with the EK, and verifies the signature against the manufacturer's public key. A spoofer cannot forge a signature without the private key, which is in the chip.

Microsoft Remote Attestation makes it worse

Microsoft Remote Attestation takes this further. At boot, the client contacts Microsoft's attestation service and submits a TPM-signed quote of the PCR values. Microsoft verifies the quote against its records, signs an attestation token, and the game client uses that token to authenticate to the game server. If your TPM EK is on the banned list, Microsoft refuses to issue the token and the game refuses to start. Call of Duty: Black Ops 7 deployed this in 2025. No software spoofer interposes on the boot chain in a way that fakes the Microsoft service's verification.

The Tulach proof-of-concept

Samuel Tulach's tpm-spoofer is the only public attempt at TPM 2.0 EK randomization. It is research-grade code, not a product. The README acknowledges instability, the technique relies on hooking the TPM driver in ways that break legitimate Windows features (BitLocker recovery, Windows Hello, Pluton-based credentials), and recent Vanguard updates have added detection for the specific hook patterns it uses. Tulach himself archived the related mutante project. The takeaway: this is a fascinating research direction but it is not a commercial product and probably never will be at consumer pricing.

What this means in practice

Vanguard reads TPM EKs by design — that is documented in Riot's official Vanguard pages. RawCheats does not sell Valorant cheats specifically because the cost-of-ownership math on a sustained Vanguard bypass does not work. FACEIT's CS2 anti-cheat tier requires TPM 2.0 + Secure Boot on Windows 11. Fortnite tournament tier mandated TPM 2.0 + Secure Boot + IOMMU in February 2026 per the VideoCardz coverage of the rule change. For all of those, the spoofer is not the right tool — the alternative is either a hardware path (different TPM, different CPU for fTPM users) or accepting that you cannot play those tiers.

What is still spoofable

Casual and ranked tiers for EAC titles (Fortnite non-tournament, Apex, Rust, DayZ, Squad), BattlEye titles (PUBG, R6, Tarkov, Arma), NeacSafe (Marvel Rivals, NetEase ecosystem), Warden plus Ricochet (Overwatch 2, Warzone, COD: MW/BO6 — but not BO7 with Remote Attestation). For these, the 16 driver-layer identifiers the spoofer randomizes are enough because the AC does not require a TPM-rooted attestation. Raw Spoofer is built for this scope and is explicit about not touching TPM EK.

The forward direction

Microsoft is pushing chip-to-cloud attestation aggressively. Pluton ships on every new AMD Ryzen 6000+ and Intel Core Ultra processor. Over the next 2-3 years, expect more anti-cheats to follow Vanguard and BO7 into TPM-rooted territory. The honest read: driver-layer HWID spoofers remain viable for the games people actually buy cheats for today, but the long-term trajectory favors the anti-cheats. Track it in TPM, Pluton, and Remote Attestation outlook.

Related Pages

Sources

  1. tpm-spoofer proof-of-conceptSamuel Tulach
  2. Microsoft Pluton Security ProcessorMicrosoft
  3. Riot Vanguard official documentationRiot Games
  4. Fortnite mandates Secure Boot, TPM, IOMMUVideoCardz
  5. Windows hardware security architectureMicrosoft

Related Questions

What Is the Best HWID Spoofer in 2026?

The best HWID spoofer in 2026 is one that hooks at the kernel-driver layer, randomizes 16+ hardware identifiers per session, names the anti-cheats it covers (EAC, BattlEye, NeacSafe, Warden, Ricochet) and explicitly disclaims the ones it does not (Riot Vanguard, Microsoft Pluton, TPM endorsement keys). Raw Spoofer fits that profile at $4.99 and ships from the same in-house engineering team behind the six RawCheats game products.

How Does a HWID Spoofer Work?

An HWID spoofer loads a signed kernel driver before the anti-cheat does, then hooks the Windows kernel functions and IOCTLs anti-cheats use to read hardware identifiers — SMBIOS via NtQuerySystemInformation, disk serials via IOCTL_STORAGE_QUERY_PROPERTY, MACs via NDIS, MachineGuid from the registry. When the anti-cheat queries, it gets back randomized values instead of your real hardware. Real values restore on reboot.

Can a HWID Spoofer Protect Against Riot Vanguard?

No, not at commercial pricing. Riot Vanguard reads 12+ identifiers including TPM 2.0 endorsement keys and PCR values, enforces a UEFI firmware allowlist (VAN:Restriction), loads as an Early Launch Anti-Malware driver before any other kernel module, and ships per-week signature updates. No commercial spoofer in May 2026 credibly survives Vanguard sustainably. RawCheats does not sell Valorant cheats partly for this reason. Vendors claiming Vanguard support at $5-30/month are misrepresenting.

What Is Microsoft Pluton and Why Does It Matter for Cheats?

Microsoft Pluton is a CPU-integrated security processor shipping on AMD Ryzen 6000+ and Intel Core Ultra processors that provides chip-to-cloud attestation — a cryptographic identity computed by silicon and verified by Microsoft's cloud. It replaces software-readable hardware identifiers with a silicon-rooted attestation that no consumer spoofer can fake. Used today by Call of Duty: Black Ops 7 via Microsoft Remote Attestation. Long-term, Pluton ends the era of HWID spoofers for titles that adopt it.

Raw Fortnite
Live purchase·5m ago
dezz from US bought Raw Fortnite