• Welcome to ASR. There are many reviews of audio hardware and expert members to help answer your questions. Click here to have your audio equipment measured for free!

moOde audio player for Raspberry Pi

Tim Curtis said:
..script code embedded in music file metadata..
Click to expand...
Yikes! I didn't know that was possible.

Thanks all for your insights. I am going to do a fresh install (a daunting prospect for me which is why I tried to avoid it).
 
Marcel said:
Yikes! I didn't know that was possible.

Thanks all for your insights. I am going to do a fresh install (a daunting prospect for me which is why I tried to avoid it).
Click to expand...
Good luck, make sure you read the revised setup guide, if you follow it should not be too difficult.

github.com

docs/setup_guide.md at main · moode-player/docs

Project documentation. Contribute to moode-player/docs development by creating an account on GitHub.
github.com github.com
 
As @Falco mentioned just follow the steps in the Setup Guide. It's super easy but if you run into issues get an account on our Forum and post a Thread. Someone will help you out. There's info on requesting an account in the Support section at http://moodeaudio.org
 
Sure some people have setup issues but the vast majority of our users are up and running in just a couple of minutes. If there are setup issues then post a Thread in our nice Forum.

Also, the moode project can't really be compared to commercial audio appliances like the really nice WiiM devices. Our project and software is completely Free and Open Source, supports the entire family of Raspberry Pi computers, RaspiOS and stable Linux kernel. the enormous Pi ecosystem of hardware and software and the DIY audio community. 10+ years of dedication and support to this fantastic space :)
 
Tim Curtis said:
Local networks won't protect against some security vulnerabilities for example script code embedded in music file metadata, embedded default userid/password in the image etc. Exploiting these only requires the user to download a music file from an untrusted source or click on an expertly crafted phishing email or website. This behavior happen every day.
Click to expand...
This is something I didn't realize was possible. As long as all my music was ripped by me from my CDs, SACDs, Blu-rays and so on I'm assuming I should be good. I have bought music from bandcamp though, so now I'm wondering if I should scan those FLAC files. The chances are slim but you just never know I guess.
 
@aagstn, Yes of course doing your own cd rips and downloading music file from reputable, trusted sites like Bandcamp is going to be fine. The key is "reputable and trusted" sites.

For some calming of the mind you can always run the basic XSS scanner in moode and look at the log to see what it reports. It reports the existence of a couple of special characters in metadata elements that are also commonly used in script code. It does not report whether the contents of the metadata element is in fact a malicious script. Thats for you to determine.

Here's an example from one of my test collections that consists of a bunch of test files sent to us by users over the years for analyzing and debugging various issues. Theres no malicious script code in the metadata.

Screenshot 2024-10-01 at 10.21.16 AM.png Screenshot 2024-10-01 at 10.20.50 AM.png

Code: 
20241001 102201 worker: loadLibrary(): Start libcache generation
20241001 102201 worker: loadLibrary(): XSS detection on
20241001 102201 SECCHK: XSS character detected: tag|value: Title|Dark Star>
20241001 102201 SECCHK: File: USB/VFAT64/Test/1-2-1970/Grateful Dead - Dark Star].flac
20241001 102201 SECCHK: XSS character detected: tag|value: Title|St. Stephen>
20241001 102201 SECCHK: File: USB/VFAT64/Test/1-2-1970/Grateful Dead - St. Stephen].flac
20241001 102201 SECCHK: XSS character detected: tag|value: Title|The Eleven>
20241001 102201 SECCHK: File: USB/VFAT64/Test/1-2-1970/Grateful Dead - The Eleven].flac
20241001 102201 SECCHK: XSS character detected: tag|value: Title|That's It For The Other One (I. Cryptical Envelopment - II. Drums - III. The Other One - IV. Cryptical Envelopment) >
20241001 102201 SECCHK: File: USB/VFAT64/Test/1-2-1970/Grateful Dead - That's It For The Other One (I. Cryptical Envelopment - II. Drums - III. The Other One - IV. Cryptical Envelopment) ].flac
20241001 102201 SECCHK: XSS character detected: tag|value: Title|China Cat Sunflower >
20241001 102201 SECCHK: File: USB/VFAT64/Test/1-2-1970/Grateful Dead - China Cat Sunflower ].flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|https://www.youtube.com/watch?v=YnK66zxJpR0
20241001 102201 SECCHK: File: USB/VFAT64/Test/eusi/YUNGBLUD - ice cream man (Official Audio) (128kbit_AAC).m4a
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/01 - Hozier - Take Me To Church.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/02 - Hozier - Angel Of Small Death And The Codeine Scene.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/03 - Hozier - Jackie And Wilson.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/04 - Hozier - Someone New.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/05 - Hozier - To Be Alone.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/06 - Hozier - From Eden.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/07 - Hozier - In A Week [Featuring COWLEY Karen].flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/08 - Hozier - Sedated.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/09 - Hozier - Work Song.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/10 - Hozier - Like Real People Do.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/11 - Hozier - It Will Come Back.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/12 - Hozier - Foreigner's God.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Hozier - Hozier/13 - Hozier - Cherry Wine (Live).flac
20241001 102201 SECCHK: XSS character detected: tag|value: AlbumArtist|<various>
20241001 102201 SECCHK: File: USB/VFAT64/Test/jelinj8/01_Beyond The Century.mp3
20241001 102201 SECCHK: XSS character detected: tag|value: Artist|<various
20241001 102201 SECCHK: File: USB/VFAT64/Test/jelinj8/02_Adiemus.mp3
20241001 102201 SECCHK: XSS character detected: tag|value: AlbumArtist|>
20241001 102201 SECCHK: File: USB/VFAT64/Test/jelinj8/02_Adiemus.mp3
20241001 102201 SECCHK: XSS character detected: tag|value: Artist|<>
20241001 102201 SECCHK: File: USB/VFAT64/Test/jelinj8/03_Cantus Inaequalis.mp3
20241001 102201 SECCHK: XSS character detected: tag|value: Album|</3
20241001 102201 SECCHK: File: USB/VFAT64/Test/the_bertrum/Julia-Sophie - 3/Julia-Sophie - -3 - 01 and you know it.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Album|</3
20241001 102201 SECCHK: File: USB/VFAT64/Test/the_bertrum/Julia-Sophie - 3/Julia-Sophie - -3 - 02 cctv.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Album|</3
20241001 102201 SECCHK: File: USB/VFAT64/Test/the_bertrum/Julia-Sophie - 3/Julia-Sophie - -3 - 03 i wish.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Album|</3
20241001 102201 SECCHK: File: USB/VFAT64/Test/the_bertrum/Julia-Sophie - 3/Julia-Sophie - -3 - 04 love let you down.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Title|The Time Warp (Music-1 = Background Track + U Mix)
20241001 102201 SECCHK: File: USB/VFAT64/Test/Tony Diaz/Original Soundtrack (Disc 1)/16 The Time Warp (Music-1 = Background Track + U Mix).m4a
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/01 - The Rolling Stones - Jumpin_ Jack Flash.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/02 - The Rolling Stones - Street Fighting Man.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/03 - The Rolling Stones - Sympathy For The Devil.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/04 - The Rolling Stones - Honky Tonk Women.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/05 - The Rolling Stones - Gimme Shelter.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/06 - The Rolling Stones - Midnight Rambler (Live).flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/07 - The Rolling Stones - You Can_t Always Get What You Want.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/08 - The Rolling Stones - Brown Sugar.flac
20241001 102201 SECCHK: XSS character detected: tag|value: Comment|fre:ac - free audio converter <https://www.freac.org/>
20241001 102201 SECCHK: File: USB/VFAT64/Test/Wheel_nut/The Rolling Stones - Hot Rocks, 1964-1971/09 - The Rolling Stones - Wild Horses.flac
20241001 102203 worker: loadLibrary(): End libcache generation
pi@moode9:~ $
 
aagstn said:
..so now I'm wondering if I should scan those FLAC files. The chances are slim but you just never know I guess.
Click to expand...
Yes! I am wondering the same thing. And what if I somehow have been using a compromised version of mp3tag software that sneakily injects these scripts into my FLAC metadata..I am getting paranoid! But whats the alternative? Back to Nokia, smoke signals and chanting by the campfire?

Tim Curtis said:
..For some calming of the mind you can always run the basic XSS scanner in moode
Click to expand...
Thanks! I will definitely look into this.
 
I should also mention that in addition to the XSS batch scanner the front-end and back-end code in moode responsible for processing and displaying music file metadata encodes any "special" characters for example <>& in the metadata into HTML entities which effectively prevent things like <script>malicious code goes here</script> from being executed by the Browser.

Inline protection and batch scanning is a step in the right direction :)
 
I have been using Moode on an Rpi4 for the last 2 or 3 years, upgrading the software at intervals, with very few problems, and find it an excellent tool for my needs. Other products tried include Volumio, Kodi and Plex but I have kept with Moode for audio because I find it straightforward to use- at least until Camilla DSP came along - but I have even got that work, albeit with some effort.
By sticking to the instructions for doing a complete rewrite - as required for v9.*.* - it can be up and running again very quickly. For those coming new to it, yes there are steps to be learned/overcome to get your first sounds out of your system, but I say it is worth it for a low-cost system.
I have it set to run via uSB into a DAC or via HDMI into a Denon X3600 - George Thorogood playing as I write!
Thank you to Tim Curtis for all the work.
 
5-pot-fan said:
I have been using Moode on an Rpi4 for the last 2 or 3 years, upgrading the software at intervals, with very few problems, and find it an excellent tool for my needs. Other products tried include Volumio, Kodi and Plex but I have kept with Moode for audio because I find it straightforward to use- at least until Camilla DSP came along - but I have even got that work, albeit with some effort.
By sticking to the instructions for doing a complete rewrite - as required for v9.*.* - it can be up and running again very quickly. For those coming new to it, yes there are steps to be learned/overcome to get your first sounds out of your system, but I say it is worth it for a low-cost system.
I have it set to run via uSB into a DAC or via HDMI into a Denon X3600 - George Thorogood playing as I write!
Thank you to Tim Curtis for all the work.
Click to expand...
For some reason I just didn't struggle with Moode the way I did with Volumio. Even setting up IR remote controls to work was fairly easy using the guides people posted in the forums. That said, Pi projects have a learning curve and if this was a persons first time setting up a media device, I can see it taking some trial and error to figure out.

To me the payoff is worth it. This is the easiest and most customizable software I have used for personal streaming. Unlike Plex it reads my data tags correctly so I can sort my music the way I want. I also found navigating my library of music much easier than WiiM which I found slow and not easy to sort things with.

It is also a fairly affordable way to setup a streamer and has options for accessories like screens and remotes if you want to get the extra hardware. Of course it is also completely free. You can donate what you want to help the project but don't have a monthly or yearly fee to hassle with. Thank you indeed to everyone that brings Moode to us.
 
Tim Curtis said:
Hi,

moOde 9.1.3 is available in the Media Player OS section of the Raspberry Pi Imager or as a direct download at https://moodeaudio.org. Visit the Forum for more information https://moodeaudio.org/forum/showthread.php?tid=6994&pid=58280#pid58280

View attachment 399487

-Tim
Click to expand...
Thanks Tim. Coming back to using Moode again now that it is on bookworm. Great os. Setup on a usb boot disk was a breeze!!!

I do have a question on radio streaming. Many radio station has a “HD” logo and specifically I thought naimradio advertised on its website being “cd quality” but streaming with moode shows its AAC320k.

Is it something to do with the radio stations or perhaps there is a setting within moode on resolution?

Cheers
 
dlovesmusic said:
Thanks Tim. Coming back to using Moode again now that it is on bookworm. Great os. Setup on a usb boot disk was a breeze!!!

I do have a question on radio streaming. Many radio station has a “HD” logo and specifically I thought naimradio advertised on its website being “cd quality” but streaming with moode shows its AAC320k.

Is it something to do with the radio stations or perhaps there is a setting within moode on resolution?

Cheers
Click to expand...
What I've seen is that any radio station above 128k gets the HD/highres mark.

Regarding the AAC320k, that's quite high quality. But still compression I believe, whereas a CD is not compressed to my knowledge.
 
Falco said:
What I've seen is that any radio station above 128k gets the HD/highres mark.

Regarding the AAC320k, that's quite high quality. But still compression I believe, whereas a CD is not compressed to my knowledge.
Click to expand...
Thanks. It’s more about understanding why than anything else. 320k is fine really. Anyway I think I see radio paradise actually doing 900k flac, so it probably depends on the radio stations
 
dlovesmusic said:
Thanks. It’s more about understanding why than anything else. 320k is fine really. Anyway I think I see radio paradise actually doing 900k flac, so it probably depends on the radio stations
Click to expand...
Indeed, radio paradise has several quality streams including a flac stream.

You can find some here:
www.hiresaudio.online

CD Quality Internet Radio

How to listen to CD Quality Internet Radio in lossless FLAC with browsers and apps plus a list of CD Quality Internet Radio stations.
www.hiresaudio.online www.hiresaudio.online
 
I just realize radio stations can be sorted by resolution. Great stuff!!!

I have just added some hi res radio stations and work flawlessly.
 
There's no established standard for what constitutes "HiRes" streaming so in moode we display the badge if the streaming bitrate stated by the broadcaster is > 128K. This bitrate and the codec thats used is stored in a table and is whats displayed in the WebUI. There is also a live variable bitrate that MPD snapshots periodically but I don't know how useful it would be to show that.

These "HiRes" streams would typically be broadcast at 192K, 256K, or 320K using lossy compression like MP3, AAC or AAC-LC. There are also some broadcasters using lossless FLAC compression at ~900K. and one or two broadcasting in uncompressed WAV format at 1.411M. Some of these broadcasters use terminology like "CD quality" or "Near CD quality" to describe their streams.
 
dlovesmusic said:
Thanks Tim. Coming back to using Moode again now that it is on bookworm. Great os. Setup on a usb boot disk was a breeze!!!

I do have a question on radio streaming. Many radio station has a “HD” logo and specifically I thought naimradio advertised on its website being “cd quality” but streaming with moode shows its AAC320k.

Is it something to do with the radio stations or perhaps there is a setting within moode on resolution?

Cheers
Click to expand...
Yes, the 320K AAC Naim streams are used in moode because they include injected metadata (Artist, Track Title, etc) that we can display in the WebUI. The FLAC streams from Naim don't contain injected metadata. It's prolly only provided in an App they want u use. Something like that.

In any case I think the URL's below are the playable FLAC streams.
http://129.146.133.23:9000/naim_classical
http://129.146.133.23:9000/naim_jazz
http://129.146.133.23:9000/naim_radio
 
Hi,

FYI - A new company named RABAS Technologies https://rabas.in/ was formed by a former Allo employee and has started manufacturing and selling the very nice Allo product line including the Kali Reclocker which is expected to be in stock sometime in December 2024. There are also some new products in the pipeline according to the company.

-Tim
 
Tim Curtis said:
Hi,

FYI - A new company named RABAS Technologies https://rabas.in/ was formed by a former Allo employee and has started manufacturing and selling the very nice Allo product line including the Kali Reclocker which is expected to be in stock sometime in December 2024. There are also some new products in the pipeline according to the company.

-Tim
Click to expand...
Thanks for the heads-up Tim. Unfortunately I get a notification that a connection cannot be established. Is that the same for any of you?
 
You must log in or register to reply here.

Similar threads

A
Multiple Audio distro in one SD card for raspberry pi
Replies
8
Views
1K
Audoophile
A
R
Question for users of less expensive music streamers - How are you using them?
2
Replies
22
Views
2K
rongon
R
S
Soniqube - new Raspberry Pi streamer with built-in DSP and mobile app
Replies
18
Views
3K
hermano
H
jeffb
A Low-Cost Music Server With High-Resolution Metadata
Replies
5
Views
1K
jeffb
jeffb
NTTY
TASCAM CD-200 Review (CD Player)
Replies
6
Views
933
Scytales
Scytales
Back
Top Bottom