LBP Union and Project Lighthouse are not affiliated with Sony Interactive Entertainment or their subsidiaries. Project Lighthouse is a clean room reverse engineering project of now defunct PlayStation 3 and Vita LittleBigPlanet online features. No proprietary code is distributed. Under no circumstances will we endorse or support piracy. You must have your own copy of the game in order to use the custom features once they become available. When using these features, you release Sony Interactive Entertainment (Sony) as well as any employees or agents of Sony, from any and all liability, corporate, or personal loss caused to you or others by the use of Lighthouse custom servers for LittleBigPlanet.
Dev Log Contributors:
m88youngling
Kairos (Er_BiyanoXD)
SamuraiEzoiar
Hello, everybody! A lot has changed in only just a month! Much of the work since November involved backend security updates, but there are a few other interesting changes as well. We’re getting closer to public beta, and we’re excited to share our progress with you!
Some highlights of what we’ve done this month,
- PlayStation Network ticket signing is now possible, but not fully implemented (yet)
- Dual factor authentication
- Progress on website leaderboards
- Cross controller planets work now
- New team pick webhook messages
- Fixed various exploits related to scores
- LBP3 categories
With that out of the way, let’s talk about the most recent changes to Project Lighthouse in December 2022!
What is Project Lighthouse?
Project Lighthouse is a clean room, open-source reverse engineering effort to bring back online features to LittleBigPlanet on PlayStation 3 and Vita titles. You can learn more about it in our first blog post, or you can head over to our Github repository to check out the codebase and discussions!
Reworking Login and Registration Systems
There has been a recent breakthrough in development that has the potential to revolutionize how users connect to instances of Lighthouse. This advance comes from pieces of information from PlayStation Network’s server called NPTickets. According to LBP Union R&D Lead Developer Slendy, NPTickets “are used by the game to authenticate with the game server, contain a cryptographic signature of its contents. This signature can be used to verify that a ticket was indeed generated by the expected source and hasn’t been tampered with.” To understand why this is important, we have to go back a little bit.
Current Lighthouse Authentication System
In the past, verifying a user’s authenticity was tricky. We resorted primarily to IP authentication on the website. Users have to login to their account online and approve their connection request similar to dual factor authentication. This worked, but it was still possible for users to spoof login tickets to impersonate other users in some situations.
Preventing Impersonation: Union Verifier
User impersonation is a big deal. Users at one point could create an account in the name of someone else and then spoof their login tickets to not only lock the user out of using that account, but also to act as them on the server. To prevent this, LBPU R&D developed Union Verifier, a system that required users to do one of two things when creating their account:
- Add a unique short string of numbers and letters to their PSN ‘About Me’.
- For RPCN users, add a specific user to their friends list.
This allowed users to demonstrate that they own a particular account before registering. However, the NPTicket breakthrough may make this system irrelevant.
The Future of Account Registration and Authentication with PSN
Understanding how NPTicket works gives us the power to verify that a ticket from PlayStation Network is authentic. In Slendy’s words, “This signature can be used to verify that a ticket was indeed generated by the expected source and hasn’t been tampered with.” This allows for a far simpler and easier account registration and authentication flow than before. In fact, it doesn’t even require logging in on a website!
In Project Lighthouse Pull Request #600, Slendy created the first steps toward the following important points:
- Users no longer need to register and authenticate themselves on a website for public instances. All they have to do is patch their game and connect to the server.
- When the user connects to the server for the first time, their account is automatically created.
- New users who want to login on the website will have to generate credentials, but the details of this haven’t been fully worked out yet.
- PSN and RPCN accounts can be linked to a Lighthouse account. Users who play on both platforms can link both accounts.
There’s still a lot left to be figured out, but this is a massive step forward in accessibility of the server. It will make it easier for people to connect who have dynamic IP addresses.
The NPTicket issue was a challenging topic, and there were a number of contributors who participated in the discussion and assisted, including Galciv, Clembu, RipleyTom, HomicidalChicken, TorutheRedFox, Okiron and others!
Recent Activity Progress
Oops! It looks like the way that Dagg was trying to implement Recent Activity was very messy and could, we’re not joking, destroy the server.
However, a few days ago, Dagg started working on Recent Activity 2.0, which is more clean and a big work in progress, but at least it’s more stable than the old version. Dagg also separated LBP1 News from Recent Activity on the new pull request, so LBP1 News’ development is currently on pause.
Dual Factor Authentication
When it comes to securing accounts, we don’t want to take any chances. Although our instance of Lighthouse has rate limiting in place to prevent malicious brute force attempts to hack into accounts, users now have the option to enable dual factor authentication (2FA) as part of the login process. This will require you to type in a code from an authenticator app to login.
This feature is required by moderators and administrators to ensure instance security. This feature was implemented by Slendy in PR #577.
Progress on Website Leaderboards
According to Pull Request #601 by Slendy, a number of new improvements to the website are under development, including:
- Level scoreboards and score moderation
- Your Hearted and Queued Levels
- Delete comments (Limited to moderators, comment posters, and level/profile owners)
- Delete reviews (Limited to moderators and level owners)
Cross Controller Planets
Cross Controller Planets allows you to set a new set of decorations for your planet when your PSVita is connected to your PS3. In previous versions of the Project Lighthouse software, it was impossible to enter Cross-Controller planets as it was not coded in. If you were in Cross Controller mode, your planet would revert its decorations back to the default, even if you had other decorations saved.
https://youtube.com/watch?v=LUjziMFRpN4%3Fautoplay%3D0%26mute%3D0%26controls%3D0%26origin%3Dhttps%253A%252F%252Fmanage.wix.com%26playsinline%3D1%26showinfo%3D0%26rel%3D0%26iv_load_policy%3D3%26modestbranding%3D1%26enablejsapi%3D1%26widgetid%3D1
Contrary to what you may think, this does not affect level sorting. Cross Controller levels are still visible to users without a PSVita connected to their game. This feature also does not affect the number of levels you can upload to the server.
Since the official LBP Vita server endpoints shut down last year, Cross Controller no longer works normally. However, using a DNS fix (OFW) or by patching your cross controller EBOOT file (CFW), you can play Cross Controller again! Stay tuned for a future tutorial.
New Team Pick Webhook Messages
Project Lighthouse has a webhook tool that allows you to automatically share recent activity updates to another platform. For now, the main platform we’ve been testing is Discord. In the past, this tool has only updated users about new levels and photos. However, it now updates users on new team picks in PR #528. This feature was created by community developer aMySour and reviewed by Slendy.
Fixed Various Exploits Related to Scores
In Pull Request #566 created by Union Space Corps Surveyor Penguinskillcaps (W0lf4llo), a few code tweaks can make a big difference. This prevents users from submitting scores of players other than themselves. Slendy writes that this “fixed a bug where when looking at scores it would send the game someone else’s score if it was a substring of your name”.
In a separate commit, Slendy fixed another score uploading exploit.
Upgraded LBP3 Categories
Through data mining efforts, we discovered the IDs for each community tab icon, as well as the genres tabs. We were also able to find icons that went unused on the original servers like Lucky Dip.
Thanks to this advancement, we got various community tabs working, like Most Hearted, Most Played, and Highest Rated. There is also the possibility of making custom tabs! However, we’re not quite ready for that yet. W0lf4llo and Slendy helped make these changes possible in PR #567.
Working Toward Public Beta
Our primary goal in these new changes is public beta. We can’t wait to share online features with everyone again, and many of these changes help us do this in a safer environment. For now, we don’t recommend that instance hosts make registration public until the last of these changes can be added.
But how do we know how far along in the process we are? One good way to tell is that we’ve created a milestone issue group on Github which lets us track our progress. We’ve collected a number of issues we believe are essential to public beta and put them together. The issue milestone list, along with all other parts of Project Lighthouse, are accessible for anyone to see and contribute to.
According to the milestone, we are about 53% finished. However, the issues you see here aren’t the only hurdles we need to overcome. There are some non-Lighthouse related challenges that we need to overcome for our server, Beacon, to be ready for a public release. Infrastructure and administrative work is necessary for a server of this size, so please be patient with us as we prepare Beacon for the public!
If you have C# and ASP.NET experience or other useful information that may be helpful for Lighthouse’s development, please feel free to contribute to the repository with a pull request! You can also join in the discussion on Project Lighthouse’s discussion board.
How Can I Contribute to Project Lighthouse?
Project Lighthouse has always been an open-source project that anyone can contribute to! To contribute a proposed change, you can create a pull request (PR) on our Github repository. This PR is subject to review by maintainers. These are developers from the LBP Union R&D team who can review the contribution and offer suggestions for improvements before merging the changes with Project Lighthouse.
If you are an active contributor to Project Lighthouse, you may have a chance at joining the LBP Union Research and Development team! This allows you to help us work on our instance of Lighthouse called Beacon which is currently in private beta. We occasionally work on other projects and discuss Lighthouse repository maintenance on Discord. You can apply for the team on our application form.
Thank You for Your Support!
We can’t wait to bring you more news about Project Lighthouse development into the future! There’s no telling what new heights LittleBigPlanet will achieve in the future, and we’re excited for the community to share that future together! Thank you for reading. If you found this dev log interesting, please share it with a friend and leave a comment!
