Spoofer Guide: HWID, MAC, and Serial Number Spoofing

What Is Hardware ID Spoofing?

Hardware ID (HWID) spoofing is the process of changing or masking the unique identifiers that your computer's components report to software. When you get banned in a game, the anti-cheat system records not just your account but your hardware identifiers — your motherboard serial, disk drive serial numbers, MAC address, GPU ID, BIOS UUID, and more. Creating a new account won't help because the anti-cheat recognizes your hardware and bans the new account automatically. A spoofer changes these identifiers so your PC appears as a completely different machine.

What Hardware IDs Do Anti-Cheats Collect?

Different anti-cheat systems collect different identifiers, but here's the comprehensive list of what modern anti-cheats like RICOCHET, Vanguard, EAC, and BattlEye may fingerprint:

Disk Drive Identifiers

• Disk serial numbers: Every HDD and SSD has a unique serial number burned into firmware. This is the most commonly used HWID component.
• Volume serial numbers: Windows assigns a serial to each partition when formatted. Easier to change than disk serials but still collected.
• SMART data: Drive health data that includes unique identifiers like model number and firmware revision.

Network Identifiers

• MAC addresses: Every network adapter (Ethernet, WiFi, Bluetooth) has a unique 48-bit MAC address. Relatively easy to spoof.
• IP address: Your public IP is logged but not typically used for hardware bans (too many users share IPs via NAT).

Motherboard and BIOS

• SMBIOS UUID: A unique identifier stored in the BIOS/UEFI. This is one of the hardest identifiers to spoof because it requires BIOS-level modification.
• Motherboard serial number: Reported by WMI (Windows Management Instrumentation).
• BIOS serial/version: The BIOS firmware version and serial number.
• Baseboard serial: Another motherboard identifier reported through DMI tables.

GPU Identifiers

• GPU serial number: NVIDIA and AMD GPUs have unique serial numbers accessible through their driver APIs.
• GPU BIOS version: The GPU's firmware identifier.

CPU Identifiers

• CPUID: The processor's stepping, model, and family information. Not truly unique (all CPUs of the same model share it) but combined with other data it contributes to a unique fingerprint.
• Processor serial number: Deprecated on modern CPUs (disabled since Pentium III controversy), but some anti-cheats still query it.

Windows Identifiers

• Windows product key/installation ID: Unique to your Windows installation.
• Machine GUID: Stored in the Windows registry at HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid.
• Computer SID: Security Identifier assigned during Windows installation.

How Spoofers Work

Spoofers operate at different levels of the system, each with different effectiveness:

Registry-Level Spoofing

The simplest approach: modify Windows registry values that store hardware identifiers. Machine GUID, volume serial numbers, and some adapter IDs can be changed by editing registry keys. This works against basic anti-cheat that queries WMI (which reads from the registry) but fails against anti-cheat that reads hardware directly through kernel drivers.

Driver-Level Spoofing (Kernel Spoofers)

The standard approach for modern spoofers. A kernel driver intercepts requests for hardware information and returns spoofed values. When the anti-cheat driver queries the disk serial number through IOCTL calls, the spoofer driver intercepts the response and replaces the real serial with a randomized one. This works at the same privilege level as anti-cheat kernel drivers.

Kernel spoofers typically hook these system calls and drivers:

• StorPort.sys / disk.sys — for disk serial numbers
• ndis.sys — for MAC addresses
• SMBIOS table access — for motherboard/BIOS identifiers
• WMI providers — for various hardware queries
• NtQuerySystemInformation — for system-level hardware data

Firmware-Level Spoofing

The most thorough approach: actually modify the firmware of hardware devices. Flash a new serial number to your SSD's firmware, modify your NIC's MAC at the hardware level, or update BIOS tables with new UUIDs. This survives all software-level queries because the hardware itself reports different identifiers. The downside is risk — flashing incorrect firmware can brick devices — and complexity.

Step-by-Step: Using a HWID Spoofer

Here's the general process for using a kernel-level spoofer (the most common type):

Before Spoofing

1. Disable Secure Boot in BIOS — kernel spoofers need to load unsigned drivers
2. Enable Test Signing or use a driver signing exploit (spoofer instructions will specify)
3. Clean your current ban: Uninstall the game completely, delete all game folders, clear registry entries related to the game and anti-cheat
4. Reset Windows Firewall rules that may contain your old hardware identifiers

Running the Spoofer

1. Boot into Safe Mode (some spoofers require this to load before anti-cheat)
2. Run the spoofer — it loads a kernel driver and generates randomized hardware IDs
3. Verify spoofing: Use tools like wmic diskdrive get serialnumber and getmac to confirm your identifiers have changed
4. Reboot normally
5. Create a new game account — do NOT log into your banned account, as that links the new HWID to the old ban
6. Install and launch the game

After Spoofing

• Run the spoofer before every gaming session (spoofed values may not persist across reboots)
• Use a different email, payment method, and display name for the new account
• Avoid behaviors that got you banned originally
• Some spoofers offer persistent mode that survives reboots — check your specific tool's documentation

Game-Specific Spoofing Requirements

Call of Duty (RICOCHET)

RICOCHET collects an extensive hardware fingerprint including disk serials, motherboard UUID, MAC addresses, and Windows installation ID. Effective spoofing requires changing all of these simultaneously. RICOCHET also uses behavioral fingerprinting — if your play patterns match a banned account, you may be flagged even with clean hardware IDs. Full Windows reinstall combined with spoofing is recommended.

Valorant (Vanguard)

Vanguard loads at boot time (before the OS fully initializes) and collects hardware IDs very early. Standard spoofers that load after Windows may be too late. Effective Valorant spoofing requires either a spoofer that loads at UEFI/boot level or a firmware-level approach. Vanguard also collects TPM (Trusted Platform Module) data on supported systems.

EAC (Easy Anti-Cheat) Games

EAC (used in Fortnite, Apex, Rust, etc.) collects disk serials, MAC addresses, and motherboard IDs. EAC's HWID banning is less aggressive than RICOCHET or Vanguard — a standard kernel spoofer typically works. However, EAC has been observed collecting additional telemetry like installed software lists and registry artifacts, so a thorough cleanup is important.

BattlEye Games

BattlEye (R6 Siege, DayZ, PUBG, Tarkov) uses a combination of HWID and device fingerprinting. BattlEye bans are tied to a "BattlEye GUID" which is derived from hardware identifiers. Spoofing the underlying identifiers changes the GUID, allowing a fresh start.

Common Spoofing Mistakes

• Not spoofing everything: Missing even one identifier can link your new account to the old ban. If you spoof disk serials but forget MAC addresses, you're still caught.
• Logging into the banned account: Never, ever log into your banned account after spoofing. This instantly links the new HWID to the ban.
• Using the same email/payment: Anti-cheat systems also fingerprint accounts by email domain, payment method, and IP address.
• Not cleaning before spoofing: Old game files, anti-cheat remnants, and registry entries can contain your original HWID. Clean everything before spoofing.
• Forgetting about linked accounts: If your game account is linked to Steam, Epic, or another platform, the ban may persist through the platform link regardless of HWID spoofing.

MAC Address Spoofing (Simple Method)

MAC spoofing is the easiest form of hardware spoofing and can be done without any third-party tools:

1. Open Device Manager
2. Expand Network Adapters
3. Right-click your adapter → Properties → Advanced
4. Find "Network Address" or "Locally Administered Address"
5. Enter a new 12-character hex value (e.g., 02A1B2C3D4E5)
6. Click OK and restart the adapter

This changes the MAC at the OS level. For full MAC spoofing, you may also need to modify the adapter's EEPROM (hardware-level MAC), which requires specialized tools for each adapter chipset.