research poc
Proof-of-Concept Kernel Driver Spoofs TPM Endorsement Key Reads to Evade Hardware BansTPM-Spoofer
A proof-of-concept kernel driver hooks the Windows TPM stack to randomize public key reads, specifically targeting the Endorsement Key (EK) used by anti-cheat systems for hardware fingerprinting. The technique demonstrates how an attacker can spoof TPM-based hardware identifiers to bypass HWID bans, though the current implementation is easily detectable.