On May 22nd, 2021, the LittleBigPlanet team shut down the LittleBigPlanet servers once again. They acknowledged that community members had been “attacked,” marking the first time that the LittleBigPlanet team has publicly recognized malicious activity in regard to the recent server problems. However, the following tweet has since been deleted.
“LBP Server Update : Due to the severity of the recent attacks we have no other option than to temporarily disable the game servers. We do not take these attacks lightly especially when they target our loyal community members. Thanks for understanding.”— Sackboy: A Big Adventure | LittleBigPlanet (@LittleBigPlanet) May 22, 2021
Everything began on March 6th with the server outages. After 77 days of server maintenance, the LittleBigPlanet team was forced to shut down the servers again. How did this happen, and what happens now? How can we fix LittleBigPlanet?
The solution is simpler than you might think. In fact, it may only take one line of code to prevent this from happening again.
North Pole, Auto-Heart, and Pop-Ups
According to the official LittleBigPlanet Twitter account, the servers were supposedly online for “[testing]…new security updates” over the past few weeks. However, users reported a variety of oddities and problems with their online experience during this time. One of the most prominent issues was something users referred to as the ‘north pole’ effect, a phenomenon where levels were moved to the north pole of user’s profile Earths. This has effected reportedly thousands of levels in the game.
Players have also reported that there were users added to their hearted list without their permission. Although it’s easy to presume that this and the north pole effect may have been the fault of server instability, this isn’t the case. Rather, it was intentionally caused by another player.
Sometime later, users began to start seeing pop-up messages as they were browsing community pages, such as this message seen by Lordmann,
By visiting this profile, you agree to let us mine Bitcoin in the background. If you decline, you may leave this profile.
It was a humorous message, but how did this happen and what does it mean?
The north pole effect and the Bitcoin message are both caused by scripts. Cancerious, a LittleBigPlanet modder, describes scripts as “funny little files that handle all the UI, tweak menus, modifications to your Earth and Moon, and more.” He goes on to explain that “Scripts are like any other file in the game. They can be loaded via their hash or their GUID (globally unique identifier). The hash loading is what allows custom content onto the server.”
MysteriousCube, owner of the Dreamiverse Discord server, explains in a little more technical detail. “It’s possible to take an object with a custom script attached to it and save that onto a planet. Scripts are capable of doing many different cool things and we still don’t understand the full scope of what’s possible with them yet.”
The Danger of Scripts
To go into a little more detail, the auto-heart script is a good example to talk about LittleBigPlanet scripts. MysteriousCube explains that “it’s possible to have a custom script made that forces you to heart users which are specified in the script itself. While this may seem relatively harmless in theory, malicious people have figured out they can force other unsuspecting players to heart accounts that don’t exist, which will completely break the victim’s hearted user’s list.”
“Attempting to unheart the malicious accounts on LBP2 & 3 will cause yourself to heart them again, since they have the autoheart script on their planet,” MysteriousCube explains.
However, the potential for damage runs deeper. “It’s been tested and proven that someone in the future could figure out how to create a script that, upon activation by an unsuspecting victim, deletes all their Earth and Moon levels without any consent whatsoever. This would be incredibly destructive for the community and could cause irreparable damage. Said script can additionally be put on someone’s planet and attach itself to your own planet, causing the worst kind of virus the LBP community could suffer from.”
Although scripts may be extremely useful, the threat their existence poses may be too great.
Limitations of Scripts
It’s clear that scripts are responsible for what allows the game to function. However, in the above cases, modders have discovered how to embed custom scripts into decorations on their profiles. Once the profiles are loaded by other players, the scripts are activated.
Scripts could perhaps be considered hacking, but they are limited to functions the game can already perform on its own. Moving everyone’s levels to the north pole, automatically adding users to hearted lists, freezing your game, and generating pop-up messages are just a few of the things that scripts can do, but they can’t allow you to mine Bitcoin. The message that users were seeing was simply a joke.
In response to the issues that players were seeing, the LittleBigPlanet team issued this statement,
“We are aware that some of our community are experiencing issues with the servers. Please be assured that we are investigating these new attacks and will update you when we know more.”— Sackboy: A Big Adventure | LittleBigPlanet (@LittleBigPlanet) May 21, 2021
However, the fact that LittleBigPlanet users could generate these messages had serious implications. Within only a few days, the messages that users began to see only got worse.
The Final Straw
On Friday, May 21st, users began to see extremely offensive and transphobic messages appear on their screens due to the same script as the Bitcoin message. Many of the messages also seemed to directly intend to instill fear in other players with threats.
Overnight, the LittleBigPlanet team announced that they had disabled the servers to prevent the problem from continuing. They specified that the shutdown was temporary, but it remains to be seen how long the servers will remain offline.
How to Stop the Malicious Scripts with One Line of Code
The entire reason this issue exists in the first place is because scripts that enable auto-hearting, pop-up messages, and the north pole effect are allowed to be used on the LittleBigPlanet servers. Cancerious explains that “all the team needs to do to fix the issue at hand is to prevent the upload of ‘.ff’ files. It’s such a simple fix. Since the game allows for any file upload, this allows for custom content, but also these issues.”
To solve the problem, MysteriousCube asserts that “this can either be done by blacklisting .ff scripts from being uploaded (as this shouldn’t have been possible in the first place), or by whitelisting harmless resources for the game to properly function in its online aspect.”
I was also discussing the situation with another LittleBigPlanet modder. However, I was most interested in one critical point that he made: the ability to run scripts on user profiles in the game could be stopped with one line of Ruby code:
 if body.start_with?('FSH')
One line of code could prevent users from running .ff scripts, both malicious and humorous, on their profiles in the game. This line of code could have prevented the hateful messages that users were seeing. Thirty-two characters can stop players’ hearted lists from being broken. One short phrase could prevent consoles from freezing once the wrong profile was loaded.
It’s very simple. According to the modder, the line of code means “reject the request if the file being uploaded is a script by its file type.”
This line of code may not be what the developers will use to blacklist scripts, but something like it will get the job done.
Sumo Digital’s Responsibility
The only question we have now is, why? If this is true, why haven’t the developers done anything to add this line of code or something similar to it? Does adding it have unwanted effects on other aspects of the game? We may never know for sure. Perhaps the fact that modders have realized this now means that the LBP team is close to fixing it.
What Happens Now
There are mainly three outcomes that can happen from here. Sumo Digital and the other developers working on the LittleBigPlanet servers can patch the code, preventing the scripts, and turn the servers back on. Things wouldn’t be perfect, but it would eliminate one of the biggest threats to the community experience. Alternatively, they may not patch it correctly or other exploits could be found and abused. That would begin our problems all over again.
The third outcome is that the powers that be at Sony, perhaps by the order of Product Development Director Pete Smith, may decide to shut down the game’s official servers for good. This would come a cost for them. Customer loyalty in the LittleBigPlanet franchise is strong as we explored with our article about how many people play LittleBigPlanet. According to Gamstat.com, Sackboy: A Big Adventure has 21,000 players.
Although there are thousands of people interested in the franchise, is it enough for Sony to believe that the brand has potential to make them significant revenue in the future? As disappointing as it may sound, it’s possible that they might make that decision. We won’t know for sure until that day comes.
The Future of LittleBigPlanet
Although we can’t be certain which one of those outcomes we will end up with, it’s inevitable that eventually the servers for the original three LittleBigPlanet games will shut down. After that, the only way to play online with these games will be to start private servers.
This will be challenging, but I believe that modding will lead us into a new era of possibility. Private servers will be much more accessible for custom content and patches. As long as security and stability can be maintained, this could be an even better experience than Sony is providing us with right now. It may even be possible for modified PlayStation consoles to connect to these servers instead of just emulated versions of the game.
Until then, the best thing that we can do is continue showing our passion for the franchise. Let’s keep creating and sharing our work on social media. Let’s keep talking about our favorite games. Let’s keep holding out hope. The heart of LittleBigPlanet doesn’t depend on servers — it depends on people like you.
Thank you for reading this article. Things are a bit grim right now, but we can make the change we want to see by helping keep everyone informed. Be sure to share this article with others so that they can learn the truth about scripting and what Sony needs to do to fix LittleBigPlanet.
If you see or experience discrimination or hate speech, check out this resource from CivilRights.org on how to respond.
Be sure to follow us on our Twitter and Instagram, and be sure to jump into our Discord server to chat live about what matters to you. If you would like to share your thoughts and creations, be sure to create an account and post on our forum!