tpm-mmio | All TPM "Bypasses" Detected

05/29/2024 21:40 LukeManolia#1
WDK MMIO Implementation for TPM_ReadPublic

Many spoofing providers believe that hooking OS-provided resources like tbs.sys or tpm.sys is sufficient to hide the TPM's Endorsement Key (EK) and presence from anti-cheat systems. This proof of concept (POC) demonstrates how Memory-Mapped I/O (MMIO) can be used to directly query the TPM state and the EK from the chip itself, bypassing any OS hooks.

Installation
  • In CMD shell: ``shutdown /r /t 0 /o`` or Start button -> Power icon -> SHIFT key + Restart
  • Navigate: Troubleshooting -> Advanced Settings -> Startup Settings -> Reboot
  • After reset choose F7 or 7 “Disable driver signature checks”
  • Load driver using sc start/sc create.

"Bypassing" or "Hooking" MMIO
Frankly, there is no way to "bypass" or "hook" MMIO. The only viable method to spoof a TPM's EK is through a hypervisor, which traps the guest TPM MMIO registers to redirect them to your own handler.

Creating a hypervisor today is very challenging, especially since anti-cheat systems are becoming increasingly sophisticated and have numerous tricks to fault your hypervisor and cause the guest PC to bugcheck.

Detection Vectors of a Hypervisor

Even if you manage to create a fully undetected hypervisor and intercept/handle the MMIO TPM commands, you can still be detected.

The primary selling point of the TPM is its Remote Attestation capability, which can attest whether an EK is valid and whether the TPM device is genuine.

How Remote Attestation Works:
  1. Every TPM includes an Endorsement Key (EK) signed by a root EK, which belongs to the TPM vendor. It also includes an Attestation Key (AK). The client sends the TPM EK and AK to a server.
  2. The server verifies the EK based on the TPM vendor's root CA certificate. The server generates a random secret and encrypts it, along with the AK, using the EK public key to create a challenge. The server then sends the challenge to the client.
  3. The client decrypts the secret with the EK private key and checks the AK. The client then sends the secret back to the server.
  4. The server confirms that the client has a genuine TPM.

TLDR: All TPM "BYPASSES" are detected
Feel free to cry in the comments if you are a spoofer provider, I'll personally console you.
Yes, Edgey is detected, BlackSwipe is detected, Verse is detected, Void is detected. Nothing new.
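
The challenge-response flow from the first post, sketched from the verifying server's side as an added example that is not part of the thread or the linked POC. It is a simplified model: textbook RSA over fixed Mersenne primes stands in for real TPM keys, and `Client`, `attest` and every key value are constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Toy textbook-RSA key from two known primes: returns (n, d). Not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(n):
    """SHA-256 of an integer's big-endian bytes, as an integer."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

# Constructed keys (assumptions): vendor root CA, a genuine EK, a self-generated EK.
VENDOR_N, VENDOR_D = keypair(2**107 - 1, 2**607 - 1)
EK_N, EK_D = keypair(2**127 - 1, 2**521 - 1)
FAKE_N, FAKE_D = keypair(2**89 - 1, 2**521 - 1)

def sign(value_n, signer_n, signer_d):
    """Certificate stand-in: signature over the hash of a public key."""
    return pow(digest(value_n), signer_d, signer_n)

class Client:
    """Claimed EK public key and certificate, plus the private key actually held."""
    def __init__(self, ek_n, ek_cert, held_d, ak_pub=b"constructed-ak-public"):
        self.ek_n, self.ek_cert, self.held_d, self.ak_pub = ek_n, ek_cert, held_d, ak_pub

    def activate(self, challenge):
        """Step 3: decrypt with the EK private key, check the AK, return the secret."""
        m = pow(challenge, self.held_d, self.ek_n)
        if m.bit_length() > 384:  # not a 16-byte secret + 32-byte AK name
            return None
        plain = m.to_bytes(48, "big")
        return plain[:16] if plain[16:] == hashlib.sha256(self.ak_pub).digest() else None

def attest(client):
    """Server side of steps 1-4. Returns (accepted, reason)."""
    # Step 2: the EK must chain to the vendor root before any challenge is issued.
    if pow(client.ek_cert, E, VENDOR_N) != digest(client.ek_n):
        return False, "EK not signed by vendor root"
    # Step 2: random secret plus AK name, encrypted to the EK public key.
    secret = secrets.token_bytes(16)
    blob = secret + hashlib.sha256(client.ak_pub).digest()
    challenge = pow(int.from_bytes(blob, "big"), E, client.ek_n)
    # Steps 3-4: only the holder of the matching EK private key returns the secret.
    if client.activate(challenge) != secret:
        return False, "challenge not answered"
    return True, "genuine TPM"
```

A self-signed EK is rejected at the certificate check, and a genuine EK public key presented without its private key is rejected at the challenge, which is why reporting a different EK value is not enough to pass attestation.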
05/29/2024 22:24 ovwf22#2
Finally someone talking about this! Currently it is impossible to BYPASS TPM in Valorant at least I didn't get any! I already bought Edgey, Vortex, AridekVM among others that I forgot now.

They all share EFI + Bypass TPM, in some cases the spoofer really works but a while after playing Vanguard asks to turn on TPM and SecureBoot and that's when shit happens.

I bought 8 new TPM chips for stock and I believe that with a good spoofer and a new TPM CHIP I will be safe.

My motherboard is ASUS, if anyone has a provider with good experience regarding Valorant spoofer, please share!
05/29/2024 22:28 Relentless#3
Thanks for the great information Sync
05/29/2024 22:32 LukeManolia#4
Quote:
Originally Posted by ovwf22
Finally someone talking about this! Currently it is impossible to BYPASS TPM in Valorant at least I didn't get any! I already bought Edgey, Vortex, AridekVM among others that I forgot now.

They all share EFI + Bypass TPM, in some cases the spoofer really works but a while after playing Vanguard asks to turn on TPM and SecureBoot and that's when shit happens.

I bought 8 new TPM chips for stock and I believe that with a good spoofer and a new TPM CHIP I will be safe.

My motherboard is ASUS, if anyone has a provider with good experience regarding Valorant spoofer, please share!
Won’t go in depth about HWID spoofing itself, but if you purchase a new TPM chip, Vanguard knows. Not sure if they do anything server side with that information though.
05/29/2024 22:37 ovwf22#5
Quote:
Originally Posted by LukeManolia
Won’t go in depth about HWID spoofing itself, but if you purchase a new TPM chip, Vanguard knows. Not sure if they do anything server side with that information though.
I understand and this is quite interesting considering that I have some friends who had a TPM ban and bought a new one and spoofed the machine and started playing again.

Now if Vanguard really knows that the TPM was "changed" it's a matter of time before these new chips are banned again.

Anyway, I bought some chips, they are relatively cheap, it's worth testing and it's what's working at the moment.
05/30/2024 01:10 aliex11#6
so what solve?
if buy new m.b and ssd can be safe or no
and tpm give info about m.b or cpu?
05/30/2024 01:38 unnamedtech#7
Quote:
Originally Posted by aliex11
so what solve?
if buy new m.b and ssd can be safe or no
and tpm give info about m.b or cpu?
Use any permanent spoofer + tpm chip
05/30/2024 02:10 LukeManolia#8
Quote:
Originally Posted by aliex11
so what solve?
if buy new m.b and ssd can be safe or no
and tpm give info about m.b or cpu?
New hardware will always get the trick done.
I would recommend investing into a very spoofable setup.

Like Chinese monitors without serials. Disks that serial can be changed. Isolated router for your PC running OpenWRT.

Doing all that, and buying a new TPM chip every time you get banned, alongside a permanent spoofer, would PROBABLY get you unbanned.

It’s really unfortunate how much time Vanguard spent in their HWID system. At least for us p2s providers.
05/30/2024 02:21 aliex11#9
Quote:
Originally Posted by LukeManolia
New hardware will always get the trick done.
I would recommend investing into a very spoofable setup.

Like Chinese monitors without serials. Disks that serial can be changed. Isolated router for your PC running OpenWRT.

Doing all that, and buying a new TPM chip every time you get banned, alongside a permanent spoofer, would PROBABLY get you unbanned.

It’s really unfortunate how much time Vanguard spent in their HWID system. At least for us p2s providers.
my m.b ez spoof always I do thats
also I have way to play normal with tpm close but when get more report ask me to turn on tpm
and I use same monitors and ssd and play +50 days without ban only when rage 4 days and get report ask me to turn on tpm so if them can hit or flag me directly banned me not ask turn on tpm
my problem order tpm chip take 25-35 days to come
05/30/2024 05:50 gvitok44#10
Sync long time no see, waiting your woof back into val scene :babyrage:
05/30/2024 11:58 Selfo##11
its annoying to tell everyone that there is no tpm bypass anymore in every thread so im glad luke did this thread and that as a previous spoofer seller

it is known for over a month now that no bypass works, efi spoofs are dtc and people are still buying to get flagged and banned
05/30/2024 16:26 Freegun11#12
There are still methods that can be used to bypass tpm errors without any driver even you can use flagged accounts with that method u just need brain and many brain cells
05/30/2024 16:28 LukeManolia#13
Quote:
Originally Posted by Freegun11
There are still methods that can be used to bypass tpm errors without any driver even you can use flagged accounts with that method u just need brain and many brain cells
No there aren't any "bypass" methods. Only working method is if you disable TPM in BIOS and the game lets you play.
05/30/2024 16:31 Freegun11#14
Yes you are right i am also talking about turning off tpm method and bypassing requirement message without any drivers
05/31/2024 00:32 Cheesy's Products#15
Quote:
Originally Posted by ovwf22
My motherboard is ASUS, if anyone has a provider with good experience regarding Valorant spoofer, please share!
hey right here