Spoofer tab — built in

The Marvel Rivals HWID spoofer that is not a malware download in disguise.

The standalone HWID-spoofer market is dominated by password-protected MEGA archives, YouTube comment-section vouches, and binaries that ask you to disable Defender before they run. Nimbus ships a Spoofer tab inside the launcher: One-Shot (user-mode), Kernel (signed-driver), and a reboot-stress harness to prove the rewrite stuck. No second download, no second trust decision.

Don't run untrusted HWID spoofers.

A spoofer asks for kernel-level rights on your machine. If you give that level of access to a binary you downloaded from a YouTube description, a Discord DM, or a password-protected RAR, you are giving the same level of access to whatever else is in that binary. The honest play is to use a spoofer bundled inside a tool whose entire publication chain you can verify — which is what the Nimbus Spoofer tab is. If you insist on a standalone, scan with VirusTotal first and treat any sample with multiple AV detections as malware.

What Nimbus ships
  • Built into the Nimbus launcher — no separate executable to download
  • Both user-mode (One-Shot) and kernel (signed-driver) paths
  • Reboot-stress harness verifies the rewrite stuck across 5 cycles
  • Restore-original button — undo the spoof without re-installing Windows
  • Source-of-truth lives in the loader we publish via signed GitHub Releases

Red flags on standalone downloads
  • Password-protected RAR downloads from MEGA or Anonfiles
  • Auto-disabled SmartScreen + Windows Defender during install
  • Tools that ask for Discord token, browser cookies, or Wallet folders
  • “Lifetime free” spoofers with cryptocurrency miner CPU usage
  • Anything that claims to also unban your existing account

What an HWID spoofer actually does

When Marvel Rivals launches under Easy Anti-Cheat, the anti-cheat agent reads a long list of hardware identifiers and hashes them into a single fingerprint. The fields include the Windows MachineGuid, the SMBIOS system serial and UUID, drive serials, the MAC addresses of physical NICs, the BIOS vendor string, and a handful of less obvious values like the GPU device path. A hardware ban does not literally lock your motherboard; it adds the hash of that fingerprint to the ban list. A spoofer changes the inputs going into that hash so the next account starts with a clean identity.

The Nimbus launcher Spoofer tab exposes three controls: One-Shot Spoof (user-mode rewrite of about eight HKLM keys including MachineGuid and HwProfileGuid), Kernel Spoof (invokes the signed-driver KDU backend to rewrite SMBIOS and storage-device IDs that user-mode code cannot reach), and a stress harness that reboots five times and re-checks that the rewritten values survived. Everything happens inside the launcher process; there is no second binary to chase.

Why standalone spoofers are almost always the wrong tool

The standalone HWID-spoofer market on YouTube and the wider cheat-forum scene is overwhelmingly low-trust. The supply chain looks like this: a Discord server links a MEGA archive, the archive is password-protected so antivirus engines cannot scan it inline, the included binary is packed with Themida or VMP, the binary asks you to disable SmartScreen and Defender before it runs, and the install instructions tell you to run as administrator. That is the exact behaviour profile of a coin miner or credential stealer. Some are legitimate; many are not; you cannot tell the difference from the YouTube comments.

If you still want to roll the dice on a standalone, the minimum-effort safety checks are: upload the binary to VirusTotal before running, look at the “behaviour” tab for keylogger / clipboard / wallet-folder access, and run it in a Windows Sandbox or disposable VM first. If any of those steps fail, the file is not safe.
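
A local triage pass that can run before the VirusTotal and sandbox checks above. This PowerShell is an added example, not part of the original page or of the Nimbus launcher; the path `C:\Quarantine\sample.exe` is a hypothetical placeholder, and the script only inspects the file, it never executes it.

```powershell
# Added example: pre-execution triage of a downloaded Windows binary.
param(
    [string]$Path = 'C:\Quarantine\sample.exe'   # hypothetical path (assumption)
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Defender must still be on. An installer that needed it off is a red flag in itself.
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) {
    $findings.Add('Defender real-time protection is disabled on this host')
}

# 2. SHA-256 of the file, usable for a hash search on VirusTotal.
$sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

# 3. Authenticode status. Unsigned is not proof of malice, but record it.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
if ($sig.Status -ne 'Valid') {
    $findings.Add("Authenticode status: $($sig.Status)")
}

# 4. Mark-of-the-Web. If the Zone.Identifier stream is missing, the file's
#    internet origin is not recorded on disk.
$motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
if (-not $motw) {
    $findings.Add('No Zone.Identifier stream (Mark-of-the-Web) on the file')
}

# 5. On-demand Defender scan of just this file.
Start-MpScan -ScanType CustomScan -ScanPath $Path

# Summary object for logging or review.
[pscustomobject]@{
    Path            = $Path
    Sha256          = $sha256
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    HasMotw         = [bool]$motw
    Findings        = $findings
}
```

Search VirusTotal for the `Sha256` value, and check the protection history in Windows Security for the result of the custom scan.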

What a spoofer cannot do

A spoofer does not unban your existing account — bans are tied to the NetEase identity, not the hardware. See our ban-recovery write-up for the honest take on what happens after a ban. A spoofer also does not stop Marvel Rivals from collecting future telemetry; it only changes what identity is attached to that telemetry. And it cannot retroactively scrub network-side identifiers like the IP address or Steam ID. The play is spoof + fresh account + fresh Steam family share, not spoof + existing banned account.

For background on how EAC fingerprinting actually works, see Marvel Rivals EAC explained and our HWID reset guide — the latter walks through migrating a working Nimbus license to a new machine without burning a reset.

Where to go next

Buy a $5 day pass and you have the Spoofer tab in your hands within a minute of license redemption. The side-by-side comparison shows how the Spoofer tab stacks up against what other Marvel Rivals loaders ship by default.

Frequently asked

What is an HWID spoofer?

An HWID spoofer rewrites the hardware identifiers a game and its anti-cheat read — MachineGuid, drive serials, MAC addresses, SMBIOS fields — so a hardware ban on one set of values does not follow you to a fresh account on the same PC. It does not unban the original account; it changes the identity the anti-cheat sees next time.

Does Nimbus include a built-in HWID spoofer?

Yes. The Nimbus launcher has a Spoofer tab with three buttons: One-Shot Spoof rewrites user-mode keys, Kernel Spoof uses a signed driver subprocess for the SMBIOS path, and a stress harness verifies the rewrite stuck across five reboots. You do not need a separate spoofer download.

Why should I avoid standalone HWID spoofers I find on YouTube?

Most free standalone spoofers are bait. The download chain is usually MEGA -> password-protected RAR -> .exe that asks for SmartScreen bypass and admin rights. A large portion of those binaries are credential stealers or coin miners disguised as spoofers. If you must use a standalone, scan with VirusTotal first and treat any sample with high-rep AV detections as malware regardless of the YouTube comment section.

Will the Nimbus spoofer unban my existing Marvel Rivals account?

No. No spoofer can. Bans are tied to the NetEase account identity, not just the hardware. Spoofing changes what the next account sees on first launch — it does not retroactively reverse a ban decision on an account already flagged.

Is the spoofer kernel-level?

Both. The user-mode One-Shot path rewrites HKLM machine identifiers and is enough for most casual hardware-ban surfaces. The Kernel Spoof path invokes a signed driver subprocess (KDU backend) to rewrite SMBIOS and storage-device fields that user-mode code cannot touch. The Settings tab toggles between them.

What is the safest way to test the spoofer worked?

The launcher exposes the stress harness — five consecutive reboots checking that the rewritten IDs persist. Outside the launcher, the cleanest test is a fresh Steam install + fresh NetEase account in an isolated user profile; if the new account survives Marvel Rivals' first-launch hardware fingerprint, the spoof held.

Spoofer tab, no second download.

One-Shot, Kernel, and a reboot-stress harness — all inside the Nimbus launcher you already trust to run Marvel Rivals.