[GH-ISSUE #46] How to Right Valid lic file #38

Closed
opened 2026-02-26 01:35:50 +03:00 by kerem · 3 comments

Originally created by @dellos on GitHub (Dec 2, 2024).
Original GitHub issue: https://github.com/junian/Standard.Licensing/issues/46

```
var validationFailures = license.Validate()
                                .ExpirationDate(systemDateTime: DateTime.Now)
                                .When(lic => lic.Type == LicenseType.Trial)
                                .And()
                                .Signature(publicKey)
                                .AssertValidLicense();
```

If somehow a cracker knows I was using this lib, then he watches the real created .lic file to know what fields my app was checking.
Then he creates a .lic file using the same lib with his private key and passphrase and the same field structure. Then I thought this fake .lic file would be accepted in my app, because the above code would validate the fake one too!!!

Is there some misunderstanding, or something I need to change to make it right using the lib?

kerem closed this issue 2026-02-26 01:35:50 +03:00

@jshergal commented on GitHub (Jan 21, 2025):

@dellos - you are signing with your private key, but you validate the signature with your public key. They are a pair. So, even if someone uses the same library with the same fields, etc, to generate a license file, unless they also had your private key to sign with, their license file will fail when you validate the signature with your public key.
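
The point made in this reply, as an added example that is not part of the original thread or the project's own code: two licenses with the same field structure are issued, one signed with the vendor's private key and one with an unrelated key pair, and both are run through the validation chain from the question using only the vendor's public key. The names `ForgedLicenseDemo`, `NewKeyPair`, `Issue` and `IsAccepted`, the passphrases and the customer details are constructed for illustration.

```csharp
using System;
using System.Linq;
using Standard.Licensing;
using Standard.Licensing.Security.Cryptography;
using Standard.Licensing.Validation;

static class ForgedLicenseDemo
{
    // Generates a fresh key pair: (passphrase-encrypted private key, public key).
    static (string PrivateKey, string PublicKey) NewKeyPair(string passPhrase)
    {
        var keyPair = KeyGenerator.Create().GenerateKeyPair();
        return (keyPair.ToEncryptedPrivateKeyString(passPhrase), keyPair.ToPublicKeyString());
    }

    // Same field structure every time; only the signing key differs.
    static License Issue(string privateKey, string passPhrase) =>
        License.New()
               .WithUniqueIdentifier(Guid.NewGuid())
               .As(LicenseType.Trial)
               .ExpiresAt(DateTime.Now.AddDays(30))
               .LicensedTo("Constructed Customer", "customer@example.com")
               .CreateAndSignWithPrivateKey(privateKey, passPhrase);

    // The application's check from the question. The app holds only the vendor's public key.
    static bool IsAccepted(License license, string vendorPublicKey) =>
        !license.Validate()
                .ExpirationDate(systemDateTime: DateTime.Now)
                .When(lic => lic.Type == LicenseType.Trial)
                .And()
                .Signature(vendorPublicKey)
                .AssertValidLicense()
                .Any(); // no validation failures means the license is accepted

    static void Main()
    {
        const string vendorPass = "vendor-passphrase-constructed";
        const string otherPass = "other-passphrase-constructed";
        var vendor = NewKeyPair(vendorPass);
        var other = NewKeyPair(otherPass); // a key pair the vendor never issued

        // Round-trip through the XML text, as the app does when it reads a .lic file.
        var genuine = License.Load(Issue(vendor.PrivateKey, vendorPass).ToString());
        var forged = License.Load(Issue(other.PrivateKey, otherPass).ToString());

        Console.WriteLine($"signed with vendor key, accepted: {IsAccepted(genuine, vendor.PublicKey)}");
        Console.WriteLine($"signed with other key, accepted:  {IsAccepted(forged, vendor.PublicKey)}");
    }
}
```

The second license is rejected by the `Signature(publicKey)` step because its signature was produced by a private key that does not pair with the public key the application checks against.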


@KieranFoot commented on GitHub (Aug 16, 2025):

I can only advise not to spend so much time worrying about licensing. If someone wants to bypass it, they will. For example patching the Public Key with dnlib at runtime, it's that simple.


@dellos commented on GitHub (Aug 18, 2025):

> I can only advise not to spend so much time worrying about licensing. If someone wants to bypass it, they will. For example patching the Public Key with dnlib at runtime, it's that simple.

You are right. I was trying to invert dll to C# code for the test app, and it makes sense that no matter what we do, there will be an `if ( valid) {run the app }` in the code. If they can find out that point, they can patch it. So the way we're doing it here is just for the normal end user.
