Universal
Multi-Platform Technical Whitepaper // Universal HWID Bypass Architecture
Complete Hardware Identity Spoofing
- Motherboard Serials: SMBIOS, ACPI, WMI queries all intercepted. BaseBoard, SystemEnclosure, BIOS serials randomized at kernel level.
- CPU Identifiers: CPUID instruction hooks return spoofed processor signatures. Serial numbers, microcode revisions fully masked.
- GPU Device IDs: All graphics adapters spoofed—NVIDIA, AMD, Intel. PCI vendor/device IDs, VBIOS serials, registry entries modified.
- MAC Addresses: Physical address spoofing across all network interfaces. NDIS filter driver ensures consistent values to OS and applications.
- TPM 2.0 Modules: Endorsement keys, attestation certificates, and platform hierarchy fully virtualized with random entropy.
- Storage Devices: HDD/SSD/NVMe serials spoofed via minifilter. SMART data, firmware revisions, model strings all randomized.
- Registry & EFI: System-wide registry cleanup removes old identifiers. EFI variable manipulation ensures persistence across reboots.
Universal Anti-Cheat Bypass Matrix
- Vanguard (Valorant): Ring 0 driver with boot-time initialization. Our signed driver loads earlier, establishing hooks before vgk.sys.
- EasyAntiCheat (Fortnite, Apex, Rust): User-mode and kernel components. HWID collection at both levels fully intercepted.
- BattlEye (R6S, DayZ, Tarkov): Deep kernel scanner. Our driver mimics legitimate hardware vendor signatures, evading detection.
- VAC (CS2, DOTA2): Primarily user-mode with limited kernel access. Hardware queries spoofed at API layer.
- FACEIT, ESEA: Client-side + server-side verification. HWID submitted to servers is fully randomized per session.
- Ricochet (Warzone, MW): Kernel driver with hypervisor detection. Our nested hooks mask all VM/debug artifacts at CPUID/MSR level.
- nProtect GameGuard: Legacy protection. Trivially bypassed via driver DSE exploitation and IAT hooking.
NeverKernel's universal HWID technology operates through legitimately signed kernel drivers with hardware vendor certificates, ensuring full compatibility with Windows Secure Boot, HVCI, and modern security policies. The spoofer persists across system restarts via strategic boot-time initialization and registry manipulation, providing permanent protection against HWID-based bans on any platform.