HWID / TPM Kernel-Level Spoofer
Hardware identity management tool with kernel-level spoofing, deterministic identity generation, virtual TPM 2.0 emulation, and automated forensic trace removal. Dual-mode architecture: WPF user-mode frontend with custom WDM kernel driver. 107 spoofable identifiers across disk, SMBIOS, GPU, MAC, registry, EFI, and TPM surfaces.
SPUF is a hardware identity management tool built with WPF on .NET 10. It pairs a user-mode C# frontend with a custom kernel-mode WDM driver written in C. The application enumerates 124 hardware identifiers and can spoof 107 of them across disk serials, SMBIOS firmware tables, GPU PNP IDs, MAC addresses, registry GUIDs, EFI variables, and TPM identities.
The deterministic identity system uses seed-based PBKDF2 key derivation — the same seed produces the same HWID set every time, with cross-reference consistency between user-mode and kernel-mode spoofing. A full anti-forensics pipeline cleans event logs, prefetch files, BAM entries, DNS cache, ARP tables, activity history, and anti-cheat-specific caches.
MVVM architecture with CommunityToolkit.Mvvm. 9 views: Dashboard, Spoof, Clean, Driver, TPM, Monitor, Activate, Requirements, Auth. 50+ styled XAML components with SineEase/CubicEase storyboard animations.
Hook-free WDM driver in C (~900 LOC, 25 KB). 5-phase spoof engine: disk serials, SMBIOS firmware tables (Type 0/1/2/3), GPU registry IDs, EFI variable spoofing, and anti-forensics (MmUnloadedDrivers/PiDDB). IOCTL communication via a 772-byte SPOOF_CONFIG struct.
Virtual TPM via inline hooks on tbs.dll (Tbsi_Context_Create, Tbsip_Submit_Command). Emulates TPM2_Startup, GetCapability, PCR_Read, GetRandom, ReadPublic, SelfTest. Generates vendor-specific identities (Intel PTT, Infineon SLB, STMicro, Nuvoton, AMD).
Automated trace removal: Windows event logs, prefetch files, BAM entries, DNS/ARP cache, activity history, recent files, jump lists, and anti-cheat caches (EAC, BattlEye). Kernel-level cleanup of MmUnloadedDrivers list and PiDDB cache table.
~42 source files across C# (~5,000+ LOC), C kernel (~900 LOC), and XAML (~1,500+ LOC). 15 core backend files (enumerator + spoofer modules), 3 TPM emulator files, 2 kernel driver source files, and 20 WPF UI files. Deterministic seed system uses PBKDF2 derivation for collision-free identity generation.
Hook-free kernel design — no dispatch table hooks; the driver directly modifies cached data structures. SMBIOS firmware tables are patched in memory, disk serials are modified in device extension memory, and EFI HardwareConfig subkeys are overwritten. The driver unloads cleanly with no persistent kernel modifications.
Self-contained single-file executable. Windows 10/11 x64. No runtime dependencies.