Kali
Task 2 - Solution
Thu Dec 17 18:00:54 1998


Thu Dec 17 17:52:22 1998


Greeting 'Alliance', it's Kali

The four things to delete to UNREGISTER the proggie are:
1- Cyt31.ini
2- msffs.dll
3- win64os.cpl
4- HKEY_CURRENT_USERSoftwareNetscapeNetscape NavigatorInitialize

History:
°Cyt31.ini contains the browser we use, installation date & other options.
If you delete the file, next time you'll run CV31, it'll ask for these
prefs.
°win64os.cpl contains a 'false' string, but it's only an additional file
to check 'bout crackers.. If you delete this file you still are Registered
It's the same if you delete both these files.
°Msfss.dll contains strange numbers but only if you delete or modify this
file the proggie says that you are a cracker.
I began to read in Forum how this file works, but i want to understand
by myself..
°I found them in Filemon. Here you can find other files references like
system.cyt, cythid.reg, cyt.*** and cyt.***.dll (*** are three letters for
my country, maybe for you they are cyt.en and cyt.en.dll)
Nothing to say about them.
°In WDASM - string references you can see 6 registry keys in Netscape and
1 in Explorer.
I undervalued them!!! And my first crack was a dirty crack.
I know that the proggie takes the Registered status from a registry but i
don't know which key.
Then in the Forum i read a clue 'bout a certain HKCU key and i remembered
what i found in WDASM.
If you write down these registry entries and in filemon check which registry
entries are used by Netscape, you'll see some never called keys.
Backup and Delete (and Restore) the un-called keys one by one... (and the
three files above)...until CV31 has been UNREGISTERED and at 1st use.
If you only delete the Key, nothing change.
When you 're-install' the prog a new entry for 'Initialize' is created, but
nothing of this happens if you only 're-run' CV31.

Thanx for cooperation and positive stimulus.
Kali