top of page
Search

Project Lighthouse December 2022 Dev Log

LBP Union and Project Lighthouse are not affiliated with Sony Interactive Entertainment or their subsidiaries. Project Lighthouse is a clean room reverse engineering project of now defunct PlayStation 3 and Vita LittleBigPlanet online features. No proprietary code is distributed. Under no circumstances will we endorse or support piracy. You must have your own copy of the game in order to use the custom features once they become available. When using these features, you release Sony Interactive Entertainment (Sony) as well as any employees or agents of Sony, from any and all liability, corporate, or personal loss caused to you or others by the use of Lighthouse custom servers for LittleBigPlanet.



Project Lighthouse December Dev Log. A craft earth and moon with a rocket in the foreground

Dev Log Contributors:

m88youngling

Kairos (Er_BiyanoXD)

SamuraiEzoiar


Hello, everybody! A lot has changed in only just a month! Much of the work since November involved backend security updates, but there are a few other interesting changes as well. We’re getting closer to public beta, and we’re excited to share our progress with you!


Some highlights of what we’ve done this month,


  • PlayStation Network ticket signing is now possible, but not fully implemented (yet)

  • Dual factor authentication

  • Progress on website leaderboards

  • Cross controller planets work now

  • New team pick webhook messages

  • Fixed various exploits related to scores

  • LBP3 categories


With that out of the way, let’s talk about the most recent changes to Project Lighthouse in December 2022!


What is Project Lighthouse?


Project Lighthouse is a clean room, open-source reverse engineering effort to bring back online features to LittleBigPlanet on PlayStation 3 and Vita titles. You can learn more about it in our first blog post, or you can head over to our Github repository to check out the codebase and discussions!


Reworking Login and Registration Systems


There has been a recent breakthrough in development that has the potential to revolutionize how users connect to instances of Lighthouse. This advance comes from pieces of information from PlayStation Network’s server called NPTickets. According to LBP Union R&D Lead Developer Slendy, NPTickets “are used by the game to authenticate with the game server, contain a cryptographic signature of its contents. This signature can be used to verify that a ticket was indeed generated by the expected source and hasn't been tampered with.” To understand why this is important, we have to go back a little bit.


Current Lighthouse Authentication System


In the past, verifying a user’s authenticity was tricky. We resorted primarily to IP authentication on the website. Users have to login to their account online and approve their connection request similar to dual factor authentication. This worked, but it was still possible for users to spoof login tickets to impersonate other users in some situations.


Preventing Impersonation: Union Verifier


User impersonation is a big deal. Users at one point could create an account in the name of someone else and then spoof their login tickets to not only lock the user out of using that account, but also to act as them on the server. To prevent this, LBPU R&D developed Union Verifier, a system that required users to do one of two things when creating their account:


  • Add a unique short string of numbers and letters to their PSN ‘About Me’.