RAW
RAWCHEATS
All Answers
hardware_spoofer

What Is Raw Spoofer?

Raw Spoofer is RawCheats's in-house HWID spoofer — a signed kernel driver that randomizes 16 hardware identifier categories per session against EAC, BattlEye, NeacSafe, Warden, and Ricochet. It runs as an external process (not injected into the game), supports Windows 10 + 11 on Intel and AMD, and costs $4.99 per month. It does not spoof TPM EK, Pluton, or beat Vanguard — and we say so explicitly.

RawCheats Anti-Cheat Research Team — Anti-Cheat Research TeamUpdated May 12, 2026

Raw Spoofer is not a reseller storefront for somebody else's driver. It is written and maintained by the same team that ships our six game cheats, runs the shared SDK behind them, and pushes infrastructure updates simultaneously across the lineup. Here is the full specification.

What it covers

Raw Spoofer randomizes 16 hardware identifier categories at the kernel-driver hook layer:

  1. SMBIOS UUID
  2. SMBIOS serial
  3. SMBIOS manufacturer string
  4. SMBIOS product name
  5. BIOS version
  6. BIOS release date
  7. Motherboard serial number
  8. All SATA and NVMe disk serial numbers
  9. GPT/MBR partition layout (partition GUIDs)
  10. Every NIC's MAC address (onboard, USB, virtual)
  11. GPU device UUID and adapter LUID
  12. MachineGuid (HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid)
  13. Windows Product ID and install date
  14. RAM SPD serials where the modules expose them
  15. USB controller IDs and PCI device IDs (filtered to avoid DMA-collision sentinel values BattlEye flags)
  16. Monitor EDID (basic randomization)

This is the full practical spoofable surface at the kernel driver layer. Per-session randomization means every cold-boot activation generates a new fingerprint — and the real values restore on reboot if the spoofer is not run, so your legitimate Windows install, Steam library, and unaffected accounts stay intact.

Architecture

External process, not injected into the game or launcher. The spoofer driver loads via the Windows service control manager before any game launcher opens. It hooks the Windows kernel functions and IOCTLs that anti-cheats use to read hardware — NtQuerySystemInformation class 76 for SMBIOS per the adrianyy/EACReversing documented EAC read path, IOCTL_STORAGE_QUERY_PROPERTY for disk serials per the ACM MATE 2025 BattlEye paper, NDIS hooks for MACs, DXGI for GPU UUIDs, registry hooks for MachineGuid. When an anti-cheat queries, it gets randomized values; legitimate non-anti-cheat callers (Windows licensing, your motherboard utility) get the real values.

What it does NOT do

We are explicit about the limits because honesty about what we do not do is the foundation for trusting what we do do.

  • No TPM 2.0 endorsement key spoofing. Only Samuel Tulach's tpm-spoofer POC exists publicly and it is unstable research code.
  • No Microsoft Pluton bypass. Pluton's chip-to-cloud attestation is not addressable from kernel mode.
  • No Microsoft Remote Attestation circumvention. This is what Call of Duty: Black Ops 7 added in 2025 — separate threat model entirely.
  • No Ring-3 CPU ID spoofing. Requires a hypervisor with its own detection surface.
  • No UEFI NVRAM persistence. The risk of bricking customer firmware is not worth the marginal stealth benefit.
  • No Riot Vanguard coverage. Vanguard reads TPM EK + UEFI firmware allowlist + 12+ identifiers. The cost of a sustained Vanguard bypass at $4.99/month does not work. RawCheats does not sell Valorant cheats partly for this reason.

Anti-cheats covered

Easy Anti-Cheat (Fortnite non-tournament, Apex Legends, Rust, DayZ, Squad, Halo Infinite, dozens more). BattlEye (PUBG, Rainbow Six Siege, Escape from Tarkov, Arma series). NetEase NeacSafe (Marvel Rivals, Naraka: Bladepoint, Identity V, Once Human — same kernel driver across the NetEase title catalog). Blizzard Warden plus per-title kernel layers including Ricochet (Overwatch 2 — no kernel AC, Warden only; Warzone, COD: MW, BO6 — Ricochet kernel layer; but not BO7 which added Microsoft Remote Attestation).

Pricing and compatibility

$4.99 per month. Windows 10 + Windows 11. Intel + AMD CPUs. Intel, AMD, and NVIDIA GPUs. Cross-vendor compatibility matrix in writing on the Raw Spoofer product page. Shared SDK with the six game cheats — when we improve a hook chain, all products benefit on the next build. 24/7 Discord support from the same team.

Use cases beyond cheating

Three legitimate audiences buy Raw Spoofer for non-cheating reasons. Privacy users randomize hardware fingerprints before selling a PC. Account-separation users (Steam family share recovery, multi-account workflows) want hardware identity independence. Recovery users who got HWID banned by a competitor's product and stopped cheating but cannot get back in on their original hardware. The spoofer does not care why you bought it; randomized identifiers are randomized identifiers.

Why honest scope is the credibility wedge

Most spoofer marketing in 2026 promises everything: TPM, Pluton, Vanguard, Remote Attestation. None of it works at $30/month and the vendors selling it are either misrepresenting their product or shipping infostealer payloads — per the Acronis TRU coverage of Vidar 2.0 in fake spoofers. Raw Spoofer documents the 16 things it does and the 6 things it does not. That difference is what separates a working product from a fairy tale.

For the deeper architecture, the full HWID Spoofer 2026 Guide walks through every identifier and which anti-cheat reads it. To use the product, grab it from the Raw Spoofer page.

Related Pages

Sources

  1. EAC reverse-engineering repositoryadrianyy / Adrian Yarygin
  2. Battling The Eye — BattlEye reverse-engineeringACM MATE Workshop 2025
  3. tpm-spoofer proof-of-conceptSamuel Tulach
  4. Vidar Stealer 2.0 in fake game cheatsAcronis Threat Research Unit
  5. Microsoft Pluton Security ProcessorMicrosoft

Related Questions

How Does a HWID Spoofer Work?

An HWID spoofer loads a signed kernel driver before the anti-cheat does, then hooks the Windows kernel functions and IOCTLs anti-cheats use to read hardware identifiers — SMBIOS via NtQuerySystemInformation, disk serials via IOCTL_STORAGE_QUERY_PROPERTY, MACs via NDIS, MachineGuid from the registry. When the anti-cheat queries, it gets back randomized values instead of your real hardware. Real values restore on reboot.

What Hardware Components Does a Spoofer Randomize?

A 2026 kernel-driver HWID spoofer randomizes 16 categories: SMBIOS (UUID, serial, manufacturer, product, BIOS version, BIOS date), motherboard serial, all SATA + NVMe disk serials, GPT/MBR partition layout, every NIC MAC, GPU UUID and adapter LUID, MachineGuid, Windows Product ID + install date, RAM SPD serials, USB controller IDs, PCI device IDs, and monitor EDID. It cannot randomize TPM endorsement keys, Pluton attestation, or CPU ID via Ring-3.

What Is the Best HWID Spoofer in 2026?

The best HWID spoofer in 2026 is one that hooks at the kernel-driver layer, randomizes 16+ hardware identifiers per session, names the anti-cheats it covers (EAC, BattlEye, NeacSafe, Warden, Ricochet) and explicitly disclaims the ones it does not (Riot Vanguard, Microsoft Pluton, TPM endorsement keys). Raw Spoofer fits that profile at $4.99 and ships from the same in-house engineering team behind the six RawCheats game products.

Will a HWID Spoofer Break My Windows?

No, a reputable kernel-driver HWID spoofer does not break Windows. Raw Spoofer randomizes values at the kernel read path level — it does not rewrite firmware, registry, or licensing. When you reboot without the spoofer, real values return. Windows activation, BitLocker, banking software, and unaffected games continue working normally. Free spoofers that include "UEFI persistence" or registry-permanent modes can brick firmware or break Windows licensing — avoid those.

Raw Fortnite
Live purchase·5m ago
dezz from US bought Raw Fortnite