RAW
RAWCHEATS
All Articles
eac hwid spoofer

HWID Spoofer for EAC Games — Fortnite, Apex, Rust, DayZ, Squad (2026)

RawCheats Research TeamMay 12, 202611 min readUpdated May 2026
HWID Spoofer for EAC Games — Fortnite, Apex, Rust, DayZ, Squad (2026)

EAC-specific HWID spoofer guide for 2026. What Easy Anti-Cheat reads per the adrianyy/EACReversing source, and what a spoofer needs to randomize to survive.

The February 19, 2026 Fortnite IOMMU + TPM + Secure Boot mandate didn't just reset the DMA cheat market — it telegraphed Epic's intent for the rest of their EAC-published lineup. Tournament tier is the testbed, and the same mandates have already started rolling into ranked tiers across Apex Legends, Rust, and Squad. The result for HWID spoofers is a stricter operating environment than 2024-2025 — but the core EAC fingerprint hasn't changed, and the spoofer techniques that worked against EAC's kernel driver still work, provided they cover the right identifier set and update on EAC's signature-push cadence.

This post is a cluster of the HWID Spoofer Complete 2026 Guide pillar. The pillar covered the full per-AC matrix; this piece is the deep read on EAC specifically — what it reads, how the kernel driver constructs its fingerprint, and what survives 2026's tighter signature scanning.

What Easy Anti-Cheat Reads (Per the Reverse-Engineered Source)

The adrianyy/EACReversing repository plus the partial source leak of EasyAntiCheat.sys from 2020 (which still describes 80%+ of the current driver's hardware-read paths despite years of updates) documents EAC's fingerprint construction. The driver reads roughly eight identifier categories and SHA-hashes the normalized values into a single composite. That composite is what gets compared against EAC's server-side ban list at every session start.

The specific reads:

SMBIOS data. EAC calls NtQuerySystemInformation with information class 76 (SystemFirmwareTableInformation), provider RSMB. The returned buffer is the raw SMBIOS table — Type 0 (BIOS information), Type 1 (System information including UUID), Type 2 (Baseboard information including motherboard serial). EAC parses the buffer and extracts UUID, serial, manufacturer, product, BIOS version, BIOS release date.

SCSI registry enumeration. EAC walks HKLM\Hardware\DeviceMap\Scsi and enumerates the registered storage adapters. The registry path contains references to each connected disk and its identifying strings. This is the registry-layer view of storage that EAC cross-references against the IOCTL-layer view.

CentralProcessor registry key. Under HKLM\Hardware\Description\System\CentralProcessor, Windows stores the CPU identification string and feature flags. EAC reads this for the CPU ID portion of the composite.

NetworkAdapter class enumeration. EAC walks the device manager's NetworkAdapter class GUID {4d36e972-e325-11ce-bfc1-08002be10318} and reads each adapter's NetCfgInstanceId plus its NetworkAddress registry value (the MAC). This includes every NIC: physical Ethernet, WiFi, Bluetooth PAN, virtual adapters from Hyper-V or VirtualBox.

MachineGuid. Single registry value at HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid. Generated by Windows at install time and stable across reboots. Trivially spoofable.

Windows Activation Technologies (WAT) AdminObject. A COM-based query into Windows licensing state. Includes Product ID and install date.

WMI block. EAC opens a WMI block via IoWMIOpenBlock / IoWMIQueryAllData to read additional hardware data the previous reads might have missed — GPU adapter info, monitor EDID under some configurations, USB controller enumeration.

Disk serials via IOCTL. Separate from the SCSI registry read, EAC issues IOCTL_STORAGE_QUERY_PROPERTY directly to each storage device to pull the per-drive serial number. This is the read most spoofer-failure cases hinge on — vendors who hook only the registry layer miss this IOCTL path.

The composite construction uses a salted SHA hash. Each identifier is normalized (uppercase, whitespace stripped, specific padding), concatenated in a fixed order, and hashed. The final hash is what EAC sends to its servers for ban-list comparison. There's no "fuzzy match" — either the entire composite matches a banned entry or it doesn't.

Games Currently Covered by EAC

The EAC kernel driver fingerprint above applies to every EAC-published title. The list in 2026 includes:

  • Fortnite (Epic's flagship, since 2018 acquisition)
  • Apex Legends (Respawn / EA)
  • Rust (Facepunch)
  • DayZ (Bohemia Interactive)
  • Squad (Offworld Industries)
  • Halo Infinite (343 Industries — multiplayer)
  • The Finals (Embark Studios)
  • Hunt: Showdown (Crytek)
  • For Honor (Ubisoft)
  • Rocket League (Psyonix / Epic)
  • Splitgate 2 (1047 Games)
  • Dozens of mid-tier multiplayer titles

A HWID ban from any of these can cascade to others depending on the title publisher's opt-in to EAC's cross-game ban list. Epic-published titles (Fortnite, Rocket League, Splitgate 2) are tightly linked; third-party titles can opt out but most don't because the cross-game ban list is the value proposition for using EAC over a self-built solution.

The practical implication for HWID-banned users: an EAC ban from a single title may lock you out of half a dozen unrelated games until you spoof. We've had Raw Spoofer customers come in expecting to recover Fortnite access and discover their Apex Legends, Rust, and Hunt: Showdown accounts were equally locked. The spoofer fixes all of them at once because the EAC fingerprint underneath is shared.

What Changed in EAC's Q1-Q2 2026 Rebuild

EAC shipped a material kernel-driver rebuild in Q1-Q2 2026 (covered in our How Fortnite Anti-Cheat Works cluster). Three changes affected HWID spoofers specifically:

1. Faster signature comparison. The new scanner runs roughly 3-4× faster than the prior generation, which means stale spoofer-driver signatures get matched more aggressively against EAC's database. Vendors with slow update cadence get caught faster post-rebuild than they did pre-rebuild.

2. Expanded kernel memory pool coverage. EAC previously didn't scan certain kernel memory regions where some spoofers stored their hook tables and randomization state. The 2026 rebuild added coverage for these pools. Spoofers that survived 2025 by hiding state in those pools needed to relocate.

3. Tighter callback registration. EAC's kernel callbacks on process creation, thread creation, and image loading now fire earlier in the boot sequence. A spoofer driver that loads after EAC's callbacks are registered gets observed in real time. This pushed the "load before EAC" pressure higher and made driver-load timing more important.

The composite identifier list itself didn't change. The same eight categories are still what EAC reads. The detection sophistication around those reads is what tightened.

What a Working EAC Spoofer Needs to Cover

For a spoofer to survive against EAC in 2026, it needs to credibly randomize the following with consistent values across all read paths:

  • SMBIOS Type 0, Type 1, Type 2 — UUID, motherboard serial, manufacturer, product, BIOS version, BIOS release date. Hooked at the firmware-table parse layer so both NtQuerySystemInformation and direct firmware reads return matching values.
  • Disk serials — every connected disk. Both the IOCTL path and the SCSI registry path must return matching values per disk.
  • MAC addresses — every NIC including hidden / virtual. Both the NDIS read path and the NetworkAddress registry path.
  • MachineGuid — single registry write.
  • Windows Product ID + install date — registry writes.
  • CPU registry copyCentralProcessor key. Note: this is the registry CPU ID, not the silicon CPUID. The silicon read requires either hypervisor or kernel CPUID hook, both of which add detection surface. Most spoofers (including Raw Spoofer) hook the registry but not the silicon. EAC cross-checks rarely enough that this is acceptable.
  • WMI responses — for any hardware identifier WMI can return, the spoofer needs to intercept the WMI block reads to return matching values.

The eight Raw Spoofer-covered identifier categories that map specifically to EAC: SMBIOS, motherboard, disks, MACs, MachineGuid, Windows Product ID, registry CPU, WMI. Plus the additional categories that some EAC-published titles read at tournament tier — GPU UUID, USB controller, PCI device, monitor EDID, RAM SPD — which Raw Spoofer also covers for the higher-tier ban risk.

Per-Game Quirks Within the EAC Family

Within the EAC-published titles, each game's specific HWID enforcement has slight quirks worth knowing:

Fortnite. The most aggressive within EAC because it's Epic's own. Tournament tier adds Secure Boot + TPM 2.0 + IOMMU requirements as of February 2026. Behavioral analysis layer (proprietary, not part of EAC itself) cross-references HWID fingerprint with kill rate and accuracy distributions. See Fortnite HWID Spoofer Guide for the Fortnite-specific cluster.

Apex Legends. EA's competitive ladder takes EAC bans hard — Apex tournament tier requires the same Secure Boot + TPM 2.0 mandate that Fortnite established. Ban-wave cadence is roughly bi-weekly. Cross-game ban propagation is opt-in but EA opted in.

Rust. Facepunch operates a relatively standard EAC integration. The community-server tier varies — some servers run EAC, some don't. Vanilla / facepunch-official servers all run EAC. Ban-wave cadence is monthly. See our Raw Rust product for Rust-specific tuning.

DayZ. Bohemia's EAC integration is conservative — it reads the standard composite and doesn't add aggressive behavioral overlay. Ban-wave cadence is irregular.

Squad. Same as DayZ — standard EAC enforcement, no significant behavioral layer.

Halo Infinite. 343's integration is more aggressive than Squad / DayZ — closer to Apex / Fortnite. Multiplayer competitive tier has its own server-side anomaly detection.

Hunt: Showdown. Standard EAC. Ban-wave cadence is bi-weekly.

The Finals. Embark added an extra behavioral overlay on top of EAC, similar to Fortnite's Layer 2 but less mature. Standard HWID enforcement underneath.

The practical effect of these per-game variations is that a spoofer tuned for the standard EAC composite works across the entire lineup. The variation is at the AC-vendor's behavioral overlay, which is server-side and not affected by HWID spoofing. You spoof to bypass the hardware-ban check; you tune your in-game cheat settings conservatively to avoid the behavioral overlay flagging your account.

What Raw Spoofer Does Against EAC

Sixteen identifier categories at the kernel-driver layer, of which the EAC-relevant subset is eight: SMBIOS (5 sub-fields), motherboard serial, all disk serials, GPT/MBR layout, every NIC's MAC, MachineGuid, Windows Product ID + install date, registry CPU ID. Plus the additional categories that map to higher-tier EAC enforcement (Fortnite tournament, Apex competitive): GPU UUID, USB controller IDs, PCI device IDs (avoiding DMA-collision sentinels), monitor EDID, RAM SPD serials.

Raw Spoofer is external — runs as its own process, never injects into the game or the EAC service. External design is meaningfully harder for EAC's memory scanner because EAC can't sweep memory regions outside its own process. In-house engineering — same team that builds Raw Fortnite, Raw Rust, Raw Rivals, Raw Arc Raiders, Raw Overwatch, Raw PUBG. The spoofer is on the same shared SDK as those products, so improvements to the bypass infrastructure roll out across the lineup simultaneously.

Cross-version compatibility — Windows 10 + Windows 11. Intel + AMD CPUs. Intel, AMD, NVIDIA GPUs. Signed driver — Secure Boot stays on, which is required for Fortnite tournament tier anyway.

What Raw Spoofer does NOT cover: TPM endorsement keys (no commercial spoofer credibly does), Pluton root of trust (not consumer-spoofable in 2026), Microsoft Remote Attestation (silicon-rooted, not in scope for any Layer 1 spoofer). EAC doesn't currently read TPM EK for the standard tier of any title, so this isn't an EAC blocker. It becomes relevant only if Epic extends Fortnite-tournament-tier TPM checks downward, which is a future risk we're tracking.

Frequently Asked Questions

Will Raw Spoofer protect my Fortnite tournament account?

For ranked / pubs / Zero Build / Cash Cup tier, yes. The standard EAC composite is fully covered. For FNCS Major qualifiers and the very highest tournament tiers, the TPM 2.0 EK read fires — Raw Spoofer doesn't randomize that, and no commercial spoofer does. The deeper TPM Pluton outlook cluster covers what this means for the future.

Does EAC ban my hardware across multiple games at once?

If the games are EAC-published and the publisher opted into cross-game ban propagation, yes. Most do because the value proposition of using EAC includes the shared ban list. The practical impact is that a Fortnite ban can lock you out of Apex, Rust, Squad, Halo Infinite, and a dozen other titles at once.

How fast does EAC's signature scanner detect a spoofer that's gone stale?

Post Q1-Q2 2026 rebuild, hours to days for an unupdated spoofer. EAC pushes signature updates every 2-3 weeks for major patches and continuously for minor ones. A spoofer whose status page hasn't moved in a month is shipping a product that's already been signature-scanned. Always check the vendor's status before buying.

Can I use a spoofer for one EAC game but not another on the same hardware?

No, hardware fingerprinting is per-machine not per-game. Running the spoofer means every game running on the machine sees the randomized fingerprint, including legitimate games where you don't intend to cheat. This isn't a problem (legitimate games don't care about HWID for anti-cheat purposes; they're identity-bound by account login) but it's worth understanding the scope.

Does Raw Spoofer break my Steam licensing?

No. Steam licensing is account-bound and Steam-Guard-bound. It doesn't depend on hardware fingerprint matching. We've tested with Steam, Epic Games Store, EA App, Battle.net, Ubisoft Connect — all continue to work normally with the spoofer active. The spoofer specifically discriminates between AC-pattern reads (returns randomized) and licensing-pattern reads (returns real) so legitimate software isn't affected.

What's the ban-recovery time if I get caught again?

Same hardware, same publisher account = you're now double-banned. New spoofer activation plus new publisher account is required. The deeper recovering from a hardware ban workflow cluster walks through the steps. Plan ahead — the 11-step workflow is more reliable than trying to improvise after the second ban.

Ready to spoof against EAC? Raw Spoofer covers the full EAC composite at the kernel-driver layer — SMBIOS, motherboard, disks, MACs, MachineGuid, Windows Product ID, plus the tournament-tier extensions for GPU, USB, PCI, EDID, and RAM SPD. Pair it with Raw Fortnite, Raw Rust, or any of our game cheats for a complete setup. Live cheat status: check the product pages.

Related
› guides › hwid-spoofer-complete-2026-guide › blog › how-hwid-spoofers-work-driver-uefi-tpm-techniques-2026 › blog › how-fortnite-anti-cheat-works-eac-battleye-2026 › blog › recovering-from-hardware-ban-workflow-2026 › blog › tpm-pluton-remote-attestation-will-hwid-spoofers-work-2027 › products › hwid-spoofer › products › fortnite › products › rust › products
Raw Fortnite
Live purchase·5m ago
dezz from US bought Raw Fortnite