BZR Player - a new music player for Win

[OddbOd]

After reading Akin's original advisory, it's pretty clear that what he's done is take advantage of the preload attack vector. You can do a few things such as provide a decent installer which will go some way toward mitigating the potential risk. To be clear you're not the root cause, neither are the FMOD libraries, this guy has setup BZR player in a way that deliberately exposes it to a known vulnerability. The Secunia Advisory makes it clear that the essential precondition is tricking the user, the same tactic can be used with almost any application if the attacker has prior knowledge of the target environment.

Watch the video carefully and ask yourself: Where did that desktop shortcut come from? How did MP3 files become associated with BZR Player? Where did that "Open With" context menu item come from? Your player didn't do any of that nor did any of the third party libraries and the docs don't say to do it either. Also, why is he running with admin rights in direct contravention of known best practice? OK it's in a VM but making the problem more dangerous is just dumb. Why is there no Process Monitor dump to explain why his poisoned library is loaded instead of the real one? It would be just as effective to overwrite the supplied MPEG library and be done with it.

You can probably see where I'm going with this, if not, this primer from Microsoft should be helpful.

[bLAZER]

Thanks for the info. Yeah that's it, every single program is cracked by supplying modified exes or dlls so I don't see why this is different. But this is an example of why you shouldn't download programs from sites you don't trust.

[Crown]

Blazer, thumb up for your player.

I love the pattern view!!

Btw, I hope that you will be adding more exotic sound formats from the amiga.

keep up the good work matey!

[bLAZER]

Glad you like it, Crown! I'm quite fond of the pattern view myself

[Crown]

regarding the pattern view, it would be great to be able to close/activate channels when clicking on each one of them 4.

I think this was possible on hippo player and it was a great functionality really.

[bLAZER]

Good idea, you mean mute/unmute for each channel? Also have to show that's it's muted somehow, maybe dimming the colors.

By the way I'm sure you know that you can mute channels in the "channels"-window.

[Crown]

yes, that's right (mute/unmute)

yes I tried the channels window but it would be more handy if was on the pattern view.

[wanderer]

Hello bLAZER, is it possible to retrieve the unpacked files (whether they are playable or not) with the Player's lzx extraction feature or is it for internal use only? It'd be nice to have it since lzx unpacking in Windows is problematic.

[bLAZER]

Yeah I know, not many Windows program can unpack lzx. And you are in luck:

lzx files are unpacked to the folder

Code:

C:\Users\<username>\AppData\Local\Temp\BZRplayer_tmp

Each lzx file are unpacked to a subfolder. All files and folders are deleted when you quit BZR Player.

[wanderer]

Thank you, that will help quite a lot. Looking forward to your next updates.

[bLAZER]

Crown's suggestion about muting channels by clicking on them in the pattern view is now working fine. Just have to get them to look nice in all other views, only Protracker is done.

Take a look here: [ Show youtube player ]

[Crown]

Hi Blazer,

thanks for incorporating my suggestion into the soon-to-come version. Can't wait to play around with it.

I am experiencing some sort of a bug on my PC. I have done so that mods and mp3s are by default using BZR so that I only have to click on an mp3 to load the program and play a tune. This works great when the program isn't launched but as soon as I am playing a tune and I click on another one from my mod/mp3 directory I get the message that BZR has ceased to function. Therefore it never plays another song unless I drag and drop it onto the UI.

And I also wanted to come with another suggestion. I sometimes like to get to listen to just a certain part of a song, for example at 2:35. unfortunately, this is pretty tedious on BZR as when I move my pointer on the sound position slider, it does not display the time. So when searching for position 2:35 I need quite a bit of luck

Else than that I am using it everyday and love it!

[Crown]

Btw, I tried to play a MKII tune and it crashed BZR.

Would also be nice to add Sonic Arranger player.

[BippyM]

bLAZER I think you are doing a great job here.. Well done

Is there a chance the lzx functions can be made into a seperate tool? Would be great for Windows

[bLAZER]

@Crown I've noticed the crash, it has something to do with multiple instances, if you enable "Allow multiple instances" in settings it doesn't crash. So something broke somewhere along the way, I'll fix it.

edit: That bug is now fixed.

Regarding seeking in sound the time IS displaying during seeking...so I'm not sure what you're doing...

The mk2 probably crashed because it happened to match the file signature of some other format. What tune was it, so I can check exactly why?

@bippym
Regarding developing a lzx tool I'm not really up for it. But I used most of the lzx code from xmp http://xmp.sourceforge.net/ and if you know some c/c++ it isn't that complicated to add some GUI etc.

[Crown]

Hi Blazer,

thanks for fixing that bug.

I'll send you an email about the two other topics.

cheers

[bLAZER]

New feature: browse samples in patternview: [ Show youtube player ]

Protracker and Ultimate Soundtracker done so far

[Crown]

hey Blazer,

this is another cool feature, thanks a lot.

I wanted to point out something that could be a bug. Whenever I listen to a tune with headphones and then remove the jack plug from my computer there is no sound going out from the laptop loudspeakers. it should normally switch as soon as headphones are plugged/unplugged. This works fine with Deliplayer, WinAMP, etc. so I believe the issue could related to BZR.

The only cure to that bug seem to be to load a new tune or restart the program.

cheers

[Cobe]

Fabulous player! I just enjoyed Wendetta2175 mods with lowered pitch(tempo) and they sound like some New Generation EBMstep

As I decided that BZR stays and I'll use it as primary player, I wanted that SOTB "skin".
After looking through all setting I was about to write here for help... then I simple clicked screen...

If you find relevant few things would be great to implement.
-First, Reverb slider(like balance) would be great so it won't be necessary to go to settings to change dry/wet amount. I like some songs with more some with less reverb.
-Second, for mods maybe separate pitch and tempo slider.
-Eq for left and right channel
and that would be my dream player

[bLAZER]

1.01 Released

New features:

• GUI is now scalable from 25-500%. See Settings/Display.
• Enable/disable channels in pattern view (click on channel)
• Browse samples in pattern view (done for most amiga trackers)
• New format added: AMOS Music Bank
• Volume tag in ds/qsf/ssf is now used to amplify songs with low volume
• iTunes tag "Compilation Flag (Part of a compilation)" now presented nicer
• Status of time in player window, elapsed/remaining is now saved in settings

Bug fixes:

• Major memory leak in libxmp and zxtune
• Webstreams didn't work
• Crashed when double clicking a file to play when the progam already was started
• id3v2 tags are now trimmed when checked, so for example "TPA " is recognized as "TPA"
• Find button had wrong tool tip
• Lots of tracker views wasn't centered 100% when resized
• Effect 15 wasn't displayed correctly in OctaMED v5 pattern view
• Tiny graphics fix in Chiptracker pattern view
• @-character had wrong font in Protracker pattern view

Other:

• Upgraded to libxmp 4.3.0 which means support for AMOS Music Bank and tons of fixes to xm/it/med/s3m
• VU Meter "Trails" has been removed due to complications with the new scalable GUI. May be back later.

Get BZR Player 1.01 here (And join the Facebook page)