The NX client software gives to users the option of saving the password in the session configuration file. When the password is stored in the file, NX doesn't prompt the user for the login credentials at the time the session is started, so that it is possible to automate the login by launching the software by clicking on a session configuration saved on the user's desktop or by running the client during the session startup of the host OS.
While this feature can be very useful in many scenarios, it must be noted that saving the password in the configuration file makes it possible for any user to have access to the physical computer to steal the password and get access to the NX server with the user's credentials. For this reason the option is turned off by default.
When saving the session's password in the configuration file, nxclient stores it in a scrambled format. The purpose of the scrambling algorithm is to convert the text in a format that is not easily readable, making it more difficult for people having casual access to the client's configuration file to eavesdrop the plain text. The algorithm is easily reversable, though, and it is not intended to encrypt the password.
You should know that the output string produced by the scrambling algorithm can include few characters that are not allowed inside XML attribute values. To produce the correct XML you need to replace those characters with:
" : "
' : '
This can be achieved by using regular expressions or can be done automatically by using the appropriate XML libraries.
You may download here some examples of the client scrambling algorithm written in different languages:
This is the code used by nxclient to encode and decode the text. QT strings are used in the implementation:
Scrambling algorithm in C++ uing QT
and this is the C++ code using null terminated strings:
Scrambling algorithm in C++
Scrambling algorithm in Perl