Author Topic: Netease Lyrics: Retrieve lyrics from Netease Cloud Music!  (Read 29589 times)

CharlieJiang

  • Jr. Member
  • **
  • Posts: 25
@CharlieJiang

Running your Netease Lyrics plugin dll (v1.8.1) through VirusTotal, it gets triggered by 12 antivirus engines saying it contains a Trojan virus:



Can you comment on this?
 
 

I too tried to run the dlls in VirusTotal and got the same result, which is rather weird. The project has its source code published at https://github.com/cqjjjzr/MusicBee-NeteaseLyrics and the codebase is extremely small so it can be easily audited, and you can build the project and again put it into VirusTotal.

I rebuilt the project from scratch using VS2022 (17.6.1) and the result is the same, so I believe it's either

1. A false positive from antivirus engines. I used Fody.Weaver to weave dependency DLLs into a single DLL, so this may trigger a false positive;
2. The dependency is poisoned. Again, the dependency details are published in the GitHub repo (in packages.config). The project has only 4 dependencies (Costura.Fody 3.2.2, Fody 3.3.5, MSBuildTasks 1.5.0.235, Newtonsoft.Json 13.0.1), and none has been reported as poisoned as far as I can search, so the possibility of dependency poisoning is slim.

Could you try to rebuild the project from source and see if the virus flags persist?
The universe has a beginning, but it has no end. ---Infinity

hiccup

  • Hero Member
  • *****
  • Posts: 9149
Thanks for the very fast and comprehensive reply CharlieJiang!

Could you try to rebuild the project from source and see if the virus flags persist?
You are over-estimating my capabilities. I am not a coder and have no clue on how to do this.

Maybe other users with coding talents can help in figuring out what is going on exactly?

P.S.
Most of the warnings seem to come from antivirus services that I have never heard of, so perhaps I would take those warnings with a grain of salt.
But Google, McAfee and BitDefender have good reputations.
If at least those three would be set to rest I personally probably would not be that worried anymore.
Last Edit: July 17, 2023, 07:43:24 PM by hiccup


CharlieJiang

  • Jr. Member
  • **
  • Posts: 25
P.S.
Do you happen to know about this plugin for QQ Lyrics?: https://getmusicbee.com/addons/plugins/473/qq-lyrics/

It also gets flagged by Google: https://getmusicbee.com/forum/index.php?topic=39622.msg214268#msg214268

I have no idea, sorry.

Someone in the GitHub issue suggested changing the GUID of the dll in AssemblyInfo.cs, and it did fix the problem. The original one (c1acdbd8-6b22-4807-bba3-d0237ccd74c1) in my plugins is surprisingly the same, since I copied the AssemblyInfo.cs from the MusicBee SDK demo untouched. Changing them to different ones solved the issue.



It seems that the AV software is indeed to blame. I'll release further versions of those plugins with new GUIDs, but I'd rather not bother releasing a version just for rolling the GUID.

hiccup

  • Hero Member
  • *****
  • Posts: 9149
Someone in the GitHub issue suggested changing the GUID of the dll in AssemblyInfo.cs, and it did fix the problem. The original one (c1acdbd8-6b22-4807-bba3-d0237ccd74c1) in my plugins is surprisingly the same, since I copied the AssemblyInfo.cs from the MusicBee SDK demo untouched. Changing them to different ones solved the issue.
Great.
Thanks for the incredibly fast response, and sorry for my cry-wolf.

sveakul

  • Hero Member
  • *****
  • Posts: 3285
Attempting to use version 1.8.1 of the plugin with MusicBee 3.5.8748 freezes the search process when this source is reached using "Next lyrics" in the display panel.  "Original lyrics" is selected in the plugin options.

Uninstall leaves "netease_conf" in the MB/AppData folder.

Had run into a case with another player where Netease was the only lyrics source for a particular streaming song, so thought I'd add this plugin to MusicBee for a try.

AAAAAAAAAAAAA

  • Newbie
  • *
  • Posts: 1
Symantec Endpoint AV

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.MBT
File: C:\Users\...\Downloads\mb_NeteaseLyrics.dll :-[
----------------------

filescan.io Report:
OSINT provider OPSWAT_REPUTATION detected FILE_HASH_SHA256 resource 6519844c3efa0f19477ea7bb0cbc5d7beb6b0a95a909aad496729dcc9dce489d as LIKELY_MALICIOUS

VirusTotal Report
13/74 security vendors and no sandboxes flagged this file as malicious
Threat categories: trojan

Can you check it, please?

sveakul

  • Hero Member
  • *****
  • Posts: 3285
Attempting to use version 1.8.1 of the plugin with MusicBee 3.5.8748 freezes the search process when this source is reached using "Next lyrics" in the display panel.  "Original lyrics" is selected in the plugin options.

Uninstall leaves "netease_conf" in the MB/AppData folder.

Had run into a case with another player where Netease was the only lyrics source for a particular streaming song, so thought I'd add this plugin to MusicBee for a try.
I just noticed that this plugin, while still showing version 1.8.1 and a release date of 9/22/2022 on its github home page (https://github.com/cqjjjzr/MusicBee-NeteaseLyrics/), on its download page is now dated 9/24/2023 (as is the DLL itself inside the zip).

(To install just unzip mb_NeteaseLyrics.dll inside into the MusicBee Plugins folder, and restart MB.  In Prefs/Plugins it shows a dropdown box where 3 display options are given--original text, translation, original + translation--and the option to do a "fuzzy" match search (cool!). It creates the file "netease_config" in the AppData folder on use.)

So I gave it another try, this time with MusicBee 3.6.8919 P.  Was glad to see the freezing behavior noted in the post above has ceased, and the plugin reliably returns results.  However, in the MB Lyrics panel the display is "funny", whether a result of MusicBee's handling of synced ("LRC") lyrics or the plugin itself I don't know (the plugin is designed to return LRC format only).

Note:  All my testing is done with radio streams--audio files themselves may return different results!  Someone else can test those  ;D

The displayed lyrics sometimes are shown grayed out except for the last line, and movement only happens once, TO the last line.  Other times the lyrics are all shown normally (not grayed out), although the single movement to the last line still occurs.  Using the "Copy Displayed Lyrics" context menu choice and pasting to a text file does show properly formatted lyrics with time codes in both cases.

OK, FWIW!  I am not a fan of synced/LRC lyrics, but I added this one anyway now that it does return results, and I have seen it on occasion be the sole source of a hit.

P.S.  I did not receive any warnings from Windows Defender.
Last Edit: June 21, 2024, 08:29:22 PM by sveakul

CharlieJiang

  • Jr. Member
  • **
  • Posts: 25
Attempting to use version 1.8.1 of the plugin with MusicBee 3.5.8748 freezes the search process when this source is reached using "Next lyrics" in the display panel.  "Original lyrics" is selected in the plugin options.

Uninstall leaves "netease_conf" in the MB/AppData folder.

Had run into a case with another player where Netease was the only lyrics source for a particular streaming song, so thought I'd add this plugin to MusicBee for a try.
I just noticed that this plugin, while still showing version 1.8.1 and a release date of 9/22/2022 on its github home page (https://github.com/cqjjjzr/MusicBee-NeteaseLyrics/), on its download page is now dated 9/24/2023 (as is the DLL itself inside the zip).

(To install just unzip mb_NeteaseLyrics.dll inside into the MusicBee Plugins folder, and restart MB.  In Prefs/Plugins it shows a dropdown box where 3 display options are given--original text, translation, original + translation--and the option to do a "fuzzy" match search (cool!). It creates the file "netease_config" in the AppData folder on use.)

So I gave it another try, this time with MusicBee 3.6.8919 P.  Was glad to see the freezing behavior noted in the post above has ceased, and the plugin reliably returns results.  However, in the MB Lyrics panel the display is "funny", whether a result of MusicBee's handling of synced ("LRC") lyrics or the plugin itself I don't know (the plugin is designed to return LRC format only).

Note:  All my testing is done with radio streams--audio files themselves may return different results!  Someone else can test those  ;D

The displayed lyrics sometimes are shown grayed out except for the last line, and movement only happens once, TO the last line.  Other times the lyrics are all shown normally (not grayed out), although the single movement to the last line still occurs.  Using the "Copy Displayed Lyrics" context menu choice and pasting to a text file does show properly formatted lyrics with time codes in both cases.

OK, FWIW!  I am not a fan of synced/LRC lyrics, but I added this one anyway now that it does return results, and I have seen it on occasion be the sole source of a hit.

P.S.  I did not receive any warnings from Windows Defender.

Actually, if you have selected the "Original + Translation" option, there would be a merging process where the plugin merges two LRC blobs returned from the server, and it CAN be buggy.

If the result is still funny, I would be glad if you post the track title or the corresponding Netease Music track ID so I can look into the result returned from Netease. The lyrics on the platform are community-contributed, so incorrect timecodes do exist sometimes.

Edit: I noticed that you have selected the Original option. Then it's more likely that the sources have buggy timecodes.
Last Edit: June 22, 2024, 04:03:37 AM by CharlieJiang

CharlieJiang

  • Jr. Member
  • **
  • Posts: 25
Symantec Endpoint AV

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.MBT
File: C:\Users\...\Downloads\mb_NeteaseLyrics.dll :-[
----------------------

filescan.io Report:
OSINT provider OPSWAT_REPUTATION detected FILE_HASH_SHA256 resource 6519844c3efa0f19477ea7bb0cbc5d7beb6b0a95a909aad496729dcc9dce489d as LIKELY_MALICIOUS

VirusTotal Report
13/74 security vendors and no sandboxes flagged this file as malicious
Threat categories: trojan

Can you check it, please?

Please check the replies just above yours, and I did notice that the problem has come back again.

According to https://github.com/Fody/Costura/issues/294, it seems to be a common practice to flag DLLs containing embedded DLLs as viruses. I will try to adjust the Fody/Costura settings to see if there is any effect when I release a version next time, but I don't expect all false-positives to disappear. At the same time, you can rebuild the project using VS2022, audit the code on GitHub or even decompile the binaries I published if you still can't trust this.

sveakul

  • Hero Member
  • *****
  • Posts: 3285
Actually, if you have selected the "Original + Translation" option, there would be a merging process where the plugin merges two LRC blobs returned from the server, and it CAN be buggy.
If the result is still funny, I would be glad if you post the track title or the corresponding Netease Music track ID so I can look into the result returned from Netease. The lyrics on the platform are community-contributed, so incorrect timecodes do exist sometimes.

Edit: I noticed that you have selected the Original option. Then it's more likely that the sources have buggy timecodes.
Yes I am using "Original only" as the translation choice.  When testing I had it on top of the source list, was doing a lot of station changing and screen grabbing etc. and started running into some "Retrieving lyrics.." hangs in the panel resulting in one "beauty" where all my cooling fans kicked on and processor usage by MB was over 25% (normally 1.6-2%) and I had to kill from Task Manager.  I put this down not to a flaw in the plugin but the fact of it trying to compare matches for best results and the fast changing of music sources by myself.  I did change the setting now to "fuzzy matching" which is described as "Don't double check match and use first result directly."

Most results have timestamps when copied but during playback jump immediately to the highlighted last line (caveman - helpless), a few aren't LRC and have no timestamps at all when copying them (thompson twins - roll over), and a small amount have timestamps but never jump the text display when playing (marsheaux - secret place).  I suppose this is expected when you have multiple contributors to the DB--standardizing must be "hell."

I tried a free upload site for the first time for the above mentioned examples, the zip is supposed to be available for 30 days:
https://ufile.io/ozpwl3g7

CharlieJiang

  • Jr. Member
  • **
  • Posts: 25
Actually, if you have selected the "Original + Translation" option, there would be a merging process where the plugin merges two LRC blobs returned from the server, and it CAN be buggy.
If the result is still funny, I would be glad if you post the track title or the corresponding Netease Music track ID so I can look into the result returned from Netease. The lyrics on the platform are community-contributed, so incorrect timecodes do exist sometimes.

Edit: I noticed that you have selected the Original option. Then it's more likely that the sources have buggy timecodes.
Yes I am using "Original only" as the translation choice.  When testing I had it on top of the source list, was doing a lot of station changing and screen grabbing etc. and started running into some "Retrieving lyrics.." hangs in the panel resulting in one "beauty" where all my cooling fans kicked on and processor usage by MB was over 25% (normally 1.6-2%) and I had to kill from Task Manager.  I put this down not to a flaw in the plugin but the fact of it trying to compare matches for best results and the fast changing of music sources by myself.  I did change the setting now to "fuzzy matching" which is described as "Don't double check match and use first result directly."

Most results have timestamps when copied but during playback jump immediately to the highlighted last line (caveman - helpless), a few aren't LRC and have no timestamps at all when copying them (thompson twins - roll over), and a small amount have timestamps but never jump the text display when playing (marsheaux - secret place).  I suppose this is expected when you have multiple contributors to the DB--standardizing must be "hell."

I tried a free upload site for the first time for the above mentioned examples, the zip is supposed to be available for 30 days:
https://ufile.io/ozpwl3g7

I noticed that in my setup (MB 3.6.8922 P), the dynamic lyrics of the tracks (caveman - helpless, album: Smash) and (Marsheaux - Secret Place, album: Inhale) behaved normally, while the track Roll Over simply has no dynamic lyrics in the Netease Music DB.



The current implementation is not utilizing the album name data. I was indeed experimenting with new methods to match the results (stalled because of the Real World (tm) things), but in the current release the matching process should simply check whether each result track matches the provided track title, so the abnormal CPU usage is also pretty weird.

Also, I noticed that the track search API is not returning correct results for clients that satisfy both conditions: 1) not logged in; 2) using a non-Chinese IP address. Maybe I need to add a setting entry for the cookies. At the same time, you could try to include the correct track ID number in the custom 10 tag using "netease=123456" format.

sveakul

  • Hero Member
  • *****
  • Posts: 3285
Charlie I just realized that I am probably the wrong person to be testing this plugin.  All my lyrics interests reside in fixed implementations, not LRC, although the behavior within my MusicBee lyrics panel is as I've described.  Nonetheless, I added it farther down the list because it will occasionally be the single source that finds a match.

I wouldn't worry about the one event with the high CPU usage, I was obviously changing streams too fast for the plugin to keep up with, and probably affecting the processing of LR, Beenius, and Museexmatch simultaneously as well.  Asking for trouble, IOW  :-[  .  I did want you and others to know that the unannounced 09/24/2023 release with no version number change no longer hangs as it did the year before, and should be tried by those asking for synced lyrics on the forum.  Thanks for your efforts here!
Last Edit: June 22, 2024, 06:20:16 PM by sveakul

MusicBorg

  • Jr. Member
  • **
  • Posts: 20
I did want you and others to know that the 09/24/2023 release no longer hangs and should be tried by those asking for synced lyrics on the forum.
Just for our understanding: Are we correct to believe that there are currently two 1.8.1 versions that have different versions/dates for the dll?
If so, shouldn't the most recent one be named 1.8.2 so as to avoid any confusion?

sveakul

  • Hero Member
  • *****
  • Posts: 3285
What still appears on the github site today:



However if you drop the asset list the file is dated off to the right as "Sep 24, 2023", and contains a DLL with the same mod date (images truncated to save space):



A while back, what was inside that zip really was dated Sep 22, 2022--I know because I still have the original, with the 2022 mod date, and was also packaged as "mb_NeteaseLyrics_1.8.1.zip":



While the file sizes are the same, the SHA-256 Hash is not:



So to answer your question, at one time a 1.8.1 version still referred to on the site as the latest, had a file in it dated 9/22/2022 like the banner;  now, the file in the 1.8.1 zip is dated 9/24/2023 although the "banner" date has not changed.  The files themselves indeed are not the same (Hashes differ).

And finally, YES, I agree the file that exists there now should have its list version changed to 1.8.2!  Complicating things (you mean, even more?!) is the fact that neither file has a proper internal version number, both showing as "1.0.0.0."
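
The two checks discussed in this thread (same-size files with different SHA-256 hashes, and the assembly GUID copied from the MusicBee SDK demo) can be scripted. This is an added example, not code from the thread or from the plugin project. It assumes the GUID attribute is present as a plain string in the DLL, which also means any other GUID-shaped string in the file is listed. The function names are hypothetical and the two sample files are constructed stand-ins.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# GUID quoted in the thread as copied unchanged from the MusicBee SDK demo.
SDK_DEMO_GUID = "c1acdbd8-6b22-4807-bba3-d0237ccd74c1"
# A [assembly: Guid("...")] argument is stored as a UTF-8 string in the .NET
# metadata blob heap, so a byte-level regex finds it without a PE parser.
GUID_RE = re.compile(rb"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def fingerprint(path):
    """Return size, SHA-256 and GUID-shaped strings for one artifact."""
    data = Path(path).read_bytes()
    guids = sorted({m.decode("ascii").lower() for m in GUID_RE.findall(data)})
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "guids": guids,
        "has_sdk_demo_guid": SDK_DEMO_GUID in guids,
    }


def compare(old_path, new_path):
    """Compare two artifacts published under the same version label."""
    old, new = fingerprint(old_path), fingerprint(new_path)
    return {
        "same_size": old["size"] == new["size"],
        "same_content": old["sha256"] == new["sha256"],
        "guid_changed": old["guids"] != new["guids"],
        "old": old,
        "new": new,
    }


def make_constructed_samples(directory):
    """Write two constructed stand-in files (not real plugin binaries)."""
    other_guid = "11111111-2222-3333-4444-555555555555"  # constructed value
    paths = []
    for name, guid in (("old.dll", SDK_DEMO_GUID), ("new.dll", other_guid)):
        # 01 00 = custom-attribute prolog, 0x24 = string length (36 bytes).
        blob = b"MZ" + b"\x00" * 64 + b"\x01\x00\x24" + guid.encode() + b"\x00" * 64
        path = Path(directory) / name
        path.write_bytes(blob)
        paths.append(path)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = compare(*make_constructed_samples(tmp))
        for key in ("same_size", "same_content", "guid_changed"):
            print(f"{key}: {result[key]}")
```

To run it on real files, call compare() with the paths of the two downloaded DLLs instead of the constructed samples.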