MojeeIO.Exceptions.LicenseException: Mojee license is invalid. #578

schizobeyond-tech opened this issue Jul 4, 2023 · 20 comments

@schizobeyond-tech

schizobeyond-tech commented Jul 4, 2023

Windows 11 Pro N For Workstation 22H2, fresh install, tried both NPM and dotnet, running retype start or build always produces the same error.

System.TypeInitializationException: The type initializer for 'MojeeIO.Mojee' threw an exception.
        ---> MojeeIO.Exceptions.LicenseException: Mojee license is invalid.
          at MojeeIO.Mojee..cctor()
          --- End of inner exception stack trace ---
          at MojeeIO.Mojee.Replace(String text, Func`2 evaluator)
          at Retype.App.StringExtensions.EmojiAndIconEncode(String str, Boolean wrapInSpan, Nullable`1 preHtmlEscape, Nullable`1 encodeToHex)
          at Retype.App.Commands.Options.BrandingOptions..ctor(Raw raw, IDirectoryDescriptor logoDir, ValueSource source, ILogger logger)
          at Retype.App.Commands.Options.BuildOptions..ctor(Raw raw, IFileSystem fileSystem, IFileSystem embeddedFileSystem, IFileSystem outputFileSystem, ICommandConfiguration cmdConfig, IIconProvider iconProvider, IUrlGenerator urlGenerator, IUrlProvider urlProvider, ILogger logger, Boolean logPaths)
          at Retype.App.Services.Factories.BuildOptionsFactory.Resolve(String path, IFileDescriptor& configFile, String output, String secret, String password, String overrideJson, String host, Nullable`1 port, Nullable`1 openBrowser, IFileSystem outputFileSystem, Boolean isWatchCmd, Boolean isClean)
          at Retype.App.Services.Cli.Handlers.BuildCommandHandler.Execute(Boolean verbose, IBuildOptions options, String path, String output, String secret, String password, String overrideJson, String host, Nullable`1 port, Nullable`1 openBrowser, Boolean isWatchCmd, String hostUrl)
          at Retype.App.Services.CliService.<CreateBuildCommand>b__20_0(Boolean api, Boolean watch, Boolean verbose, String output, String secret, String password, String override, String path)
          at System.CommandLine.NamingConventionBinder.CommandHandler.GetExitCodeAsync(Object returnValue, InvocationContext context)
          at System.CommandLine.NamingConventionBinder.ModelBindingCommandHandler.InvokeAsync(InvocationContext context)
          at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
       --- End of stack trace from previous location ---
          at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass17_0.<<UseParseErrorReporting>b__0>d.MoveNext()
       --- End of stack trace from previous location ---
          at Retype.App.Services.CliService.<>c__DisplayClass26_0.<<CreateInfoOption>b__1>d.MoveNext()
       --- End of stack trace from previous location ---
          at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<<UseHelp>b__0>d.MoveNext()
       --- End of stack trace from previous location ---
          at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseVersionOption>b__0>d.MoveNext()
       --- End of stack trace from previous location ---
          at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass19_0.<<UseTypoCorrections>b__0>d.MoveNext()
       --- End of stack trace from previous location ---
          at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__18_0>d.MoveNext()
       --- End of stack trace from previous location ---
          at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseParseDirective>b__0>d.MoveNext()
       --- End of stack trace from previous location ---
          at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__5_0>d.MoveNext()
       --- End of stack trace from previous location ---
          at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass8_0.<<UseExceptionHandler>b__0>d.MoveNext()
          
@geoffreymcgill
Contributor

Hmm. I was not able to reproduce. What version of Retype are you using? You can check using the command retype --version. Or, is this a fresh install of Retype?

@schizobeyond-tech
Author

schizobeyond-tech commented Jul 4, 2023

3.0.3, does Mojee require any special windows services to verify license? Or does it fail in case it detects any running software (such as Process hacker?)

@geoffreymcgill
Contributor

> does Mojee require any special windows services to verify license? Or does it fail in case it detects any running software (such as Process hacker?)

No, nothing special is required.

@schizobeyond-tech
Author

No clue then, this is a fresh install, even tried clean reinstalling, just a default example retype.yml and still get the same error, NPM or dotnet doesn't matter.

geoffreymcgill self-assigned this Jul 4, 2023
geoffreymcgill added the bug (Something isn't working) label Jul 4, 2023
@geoffreymcgill
Contributor

I was able to determine that the Mojee license key used within Retype is still valid, so something else is going on inside of the Mojee library. Whatever is happening is super strange. It might be platform specific.

We are still investigating.

@schizobeyond-tech
Author

Is there any active anti-debugging in your Mojee license protection? Such as scanning for specific .exe either running or installed (IDA Pro/x64dbg/Process Hacker etc)? If not then I'm not sure what is causing this, maybe because my user account on Windows has full admin rights and is not a "regular" account?

@geoffreymcgill
Contributor

There is no system scanning for anything in Mojee (or Retype) and user rights would not be a factor either. If you can install Retype, then you have all the rights required.

The only thing from your system that Mojee (and Retype) checks is the system date. If the system date is returning a value and that date is earlier than 9999-12-31, then all should be well. There is also encoding and decoding plus encrypting and decrypting of strings within the logic, but it's tough to see why any of that would be failing.

At the moment, we are still uncertain what could be causing the license check failure. I think this is the first license check logic failure we have had. We are still testing and trying to figure out what could be going wrong.

@schizobeyond-tech
Author

schizobeyond-tech commented Jul 4, 2023

Afaik .NET has some enforced compliancy for their hashing/crypto functions due to it being used in governments around the world and USA, something about FIPS compliance, maybe on my OS this is disabled, I'm not sure, and your .NET apps require it to be enabled? Or something else inside group policy? Does your licensing system use Clock/NTP Time Sync services to check current dates? I have those disabled (Time Broker).

Update: I have FIPS compliance disabled, both in GPE and registry

To use the group policy setting, open the Group Policy Editor, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.
To use the Windows Registry, go to HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled and set Enabled to 1.

@geoffreymcgill
Contributor

geoffreymcgill commented Jul 4, 2023

> Does your licensing system use Clock/NTP Time Sync services to check current dates? I have those disabled (Time Broker).

No services are used. Just the System.DateTime struct within .NET.

If you can run the following C# code (and it returns PASS), then all should be well from the system date/time side of logic:

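// Parse the upper bound the license logic compares against.
var dt = System.DateTime.ParseExact("9999-12-31", "yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);
// PASS means the system clock returns a date earlier than 9999-12-31.
System.Console.WriteLine(System.DateTime.Now < dt ? "PASS" : "FAIL");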

Best I can tell, FIPS policy enforcement is not managed within .NET and would be system managed, so there is nothing in Mojee or Retype that is specifically checking for compliance. The .NET standard lib would just be calling out to the system libraries.

> Update: I have FIPS compliance disabled, both in GPE and registry

This seems like it would create a less restrictive environment, so would be surprising if it is affecting the decrypting, but you never know for sure. Thanks for the Group Policy Editor notes; we are investigating.

@schizobeyond-tech
Author

image

.NET 7.0

@geoffreymcgill
Contributor

If you are able to run a simple dotnet app, then maybe you could help us determine if the license key validation is a problem within Mojee or Retype.

Running the following app will output to the Console either :rocket: or 🚀.

If the string :rocket: or an Exception is output, then the Mojee license key validation is not working.

If the 🚀 emoji is output, then the Mojee license key validation is working, which means the Mojee license is invalid Exception is likely being caused by something in Retype.

Only 3 basic files are required. You can extract the following mojee-test.zip or add the files manually to a project.

mojee-test.zip

Then you would just run the command dotnet run to get either the :rocket: string, an Exception, or the 🚀 emoji.

Here are the three separate files within the .zip above.

Program.cs

Console.WriteLine(MojeeIO.Mojee.Replace(":rocket:"));

AppSettings.json

{
    "Mojee": {
        "LicenseKey": "Q3JxcHd2dXR7b3JvcXNxcG5zdG5ydw-Ui5R443SQl/UwhoYzWQ8pEFxrGlGSUJdq94PNu8b/CyLBKWeer8rmw"
    }
}

mojee-test.csproj

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net7.0</TargetFramework>
    <RootNamespace>mojee_test</RootNamespace>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="mojee" Version="1.4.0" />
  </ItemGroup>

  <ItemGroup>
      <None Update="appsettings.json">
          <CopyToOutputDirectory>Always</CopyToOutputDirectory>
      </None>
  </ItemGroup>

</Project>

You can also add Mojee to any existing .NET app by running the command dotnet add package Mojee.

To create a new Console app and add Mojee, you would run the following commands:

dotnet new console
dotnet add package Mojee

The Mojee license key is configured by adding the appsettings.json file. More details available in the Mojee docs at https://docs.mojee.io/license_key_configuration/.

Thanks in advance for the assistance.

@schizobeyond-tech
Author

image

@geoffreymcgill
Contributor

Interesting.

Thanks for running the code. This will help us narrow down the root cause.

@schizobeyond-tech
Author

schizobeyond-tech commented Jul 4, 2023

image

		StackTrace	"   at System.Security.Cryptography.CngHelpers.OpenStorageProvider(CngProvider provider)\r\n   at System.Security.Cryptography.CngKey.Import(ReadOnlySpan`1 keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider)\r\n   at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider)\r\n   at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider)\r\n   at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, CngKeyBlobFormat format)\r\n   at System.Security.Cryptography.DSACng.ImportKeyBlob(Byte[] dsaBlob, Boolean includePrivate)\r\n   at System.Security.Cryptography.DSACng.ImportParameters(DSAParameters parameters)\r\n   at System.Security.Cryptography.DSA.FromXmlString(String xmlString)\r\n   at System.Security.Cryptography.DSAWrapper.FromXmlString(String xmlString)\r\n   at lambda_method8(Closure, Object, Object[])\r\n   at A.S.A.g.A(Object, Object[])\r\n   at A.S.A.a(Object, O, Boolean, Object[] args)\r\n   at A.S.A.a(Object, O, Object[] args)\r\n   at A.S.a.A(Byte[], Byte[])"	string

This is where exception gets thrown first, formatting is rip..

@schizobeyond-tech
Author

schizobeyond-tech commented Jul 4, 2023

OK, it's due to using .NET libraries for crypto and not an independent lib, so it needs the CNG Key Isolation service to be running/startup set to automatic. (KeyIso)
image

@geoffreymcgill
Contributor

@schizobeyond-tech Just to confirm, if you start the KeyIso service, then Retype is building correctly?

@schizobeyond-tech
Author

> @schizobeyond-tech Just to confirm, if you start the KeyIso service, then Retype is building correctly?

Yes
image

@geoffreymcgill
Contributor

Thanks for the confirmation. We will still try to reproduce and see if there is anything that can be done to avoid this crypto requirement, although I suspect not much can be done.

We will keep this thread updated with any new information as it becomes available.

Thanks again for reporting the exception!

@schizobeyond-tech
Author

schizobeyond-tech commented Jul 5, 2023

You can try using libsodium or port of it to C# libsodium-core which should have in-lib implementation for crypto functions instead of calling out to very bloated winapi helper services for crypto

https://github.com/ektrah/libsodium-core (not active anymore)
https://github.com/ektrah/nsec (maintained)

@geoffreymcgill
Contributor

Thanks for the tip.

Retype and Mojee use cryptographic functionality within the .NET System.Security.Cryptography namespace and no calls outside of the .NET provided SDK are made. I believe the .NET standard libs call out to system libs and may not contain internal implementations of the crypto algos, so likely the .NET API is what's making the call to the native winapi/KeyIso service.

We will take a good look at libsodium-core.
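
The checks walked through in this thread (system date, FIPS policy value, KeyIso service state, and the DSACng key import seen in the stack trace), gathered into one diagnostic. This is an added example, not code from Retype, Mojee or either participant; the function name Test-CngLicensePrereqs is hypothetical.

```powershell
# Added diagnostic; Test-CngLicensePrereqs is a hypothetical name, not part of Retype or Mojee.
function Test-CngLicensePrereqs {
    [CmdletBinding()]
    param()
    $r = [ordered]@{}

    # 1. Date check described by the maintainer: now must be before 9999-12-31.
    $limit = [datetime]::ParseExact('9999-12-31', 'yyyy-MM-dd',
        [System.Globalization.CultureInfo]::InvariantCulture)
    $r.SystemDateOk = [datetime]::Now -lt $limit

    # 2. FIPS policy value named in the thread (1 = enabled); $null if the value is absent.
    $fips = Get-ItemProperty -ErrorAction SilentlyContinue -Name Enabled `
        -Path 'HKLM:\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $r.FipsEnabled = if ($fips) { [bool]$fips.Enabled } else { $null }

    # 3. CNG Key Isolation service (KeyIso): current state and startup type.
    $svc = Get-Service -Name KeyIso -ErrorAction SilentlyContinue
    $r.KeyIsoStatus    = if ($svc) { "$($svc.Status)" } else { 'NotFound' }
    $r.KeyIsoStartType = if ($svc) { "$($svc.StartType)" } else { $null }

    # 4. Exercise the path from the stack trace: DSACng.ImportParameters -> CngKey.Import.
    $src = $null; $dst = $null
    try {
        $src = [System.Security.Cryptography.DSACng]::new()   # random 2048-bit key
        $pub = $src.ExportParameters($false)                  # public parameters only
        $dst = [System.Security.Cryptography.DSACng]::new()
        $dst.ImportParameters($pub)
        $r.DsaCngImport = 'OK'
    } catch {
        # Report the innermost exception so the failing provider call is visible.
        $e = $_.Exception.GetBaseException()
        $r.DsaCngImport = "FAILED: $($e.GetType().FullName): $($e.Message)"
    } finally {
        if ($src) { $src.Dispose() }
        if ($dst) { $dst.Dispose() }
    }
    [pscustomobject]$r
}

Test-CngLicensePrereqs | Format-List
```

Run it in PowerShell on the affected machine. In the thread, the license exception cleared once the KeyIso service was running, so a DsaCngImport failure alongside a KeyIsoStatus other than Running matches the reported cause.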
