There is a software called NXD, used in internet cafés, which runs on Linux and is responsible for managing computers over a local network (powering on machines, controlling them, etc.). My goal is not to directly crack the licensing system, but instead to create a cloned server so that the software connects to my own server rather than the original one, allowing me to fully control the licensing logic (i.e., I decide whether a user is authorized or not). For example, this can be achieved by redirecting the domain to my server via the hosts file. It’s important to mention that one of the core components, nxpboot, is protected with Themida, and the licensing-related parts are virtualized, meaning this requires more advanced reverse engineering rather than basic unpacking or debugging.

The project runs on Linux. I previously worked with another developer who analyzed the system, figured out several key parts, and packaged the environment using Docker so it can run in an isolated and reproducible way. However, he had to leave the project due to workload. At this point, I already have his findings, notes, and a partially working setup, so this is not starting from scratch.

The system architecture mainly consists of nxpbootmgr (GUI), nxpboot (core service), and the licensing server. The client communicates with the server over port 27000 during login, and once it receives a valid response, the system becomes fully functional. The communication does not use TLS; instead, it relies on a custom protocol and custom cryptography. The password encryption algorithm has already been reversed, so the structure of the login data is mostly understood.

My goal is not to patch the client, but to implement a server emulation running on port 27000 that can parse incoming packets and generate the correct “login success” responses. I previously had a working version of this approach for older versions of the software; in the newer version, the main differences are in the protocol and some internal mechanics. Additionally, there is a session/token mechanism: after logging in on one version, another version can run for a limited time without re-authentication, which suggests the presence of a cache or background validation mechanism.

In summary, I am looking for someone who can understand the licensing flow inside nxpboot, reverse engineer the network protocol, and build a compatible server implementation. Experience with Themida virtualization is especially important, as this protection is heavily used around the licensing logic. Ideally, I’m looking for someone who is experienced with this type of protection and capable of handling advanced reverse engineering tasks.

Thank you for your job offer. Unfortunately, I'm only interested in Windows and APKs, but our other manager is interested in Linux and can research how we can emulate your server with programs like Burp Suite. I've tagged their name below.

@B13

I'll check this out soon.