LBP Union and Project Lighthouse are not affiliated with Sony Interactive Entertainment or their subsidiaries. Project Lighthouse is a clean room reverse engineering project of now defunct PlayStation 3 and Vita LittleBigPlanet online features. No proprietary code is distributed. Under no circumstances will we endorse or support piracy. You must have your own copy of the game in order to use the custom features once they become available. When using these features, you release Sony Interactive Entertainment (Sony) as well as any employees or agents of Sony, from any and all liability, corporate, or personal loss caused to you or others by the use of Lighthouse custom servers for LittleBigPlanet.
Dev Log Contributors:
Hello, everybody! A lot has changed in just a month! Much of the work since November involved backend security updates, but there are a few other interesting changes as well. We’re getting closer to public beta, and we’re excited to share our progress with you!
Some highlights of what we’ve done this month:
PlayStation Network ticket signing is now possible, but not fully implemented (yet)
Dual factor authentication
Progress on website leaderboards
Cross controller planets work now
New team pick webhook messages
Fixed various exploits related to scores
With that out of the way, let’s talk about the most recent changes to Project Lighthouse in December 2022!
What is Project Lighthouse?
Project Lighthouse is a clean room, open-source reverse engineering effort to bring back online features to LittleBigPlanet titles on PlayStation 3 and Vita. You can learn more about it in our first blog post, or you can head over to our GitHub repository to check out the codebase and discussions!
Reworking Login and Registration Systems
There has been a recent breakthrough in development that has the potential to revolutionize how users connect to instances of Lighthouse. This advance comes from NPTickets, pieces of information issued by PlayStation Network’s server. According to LBP Union R&D Lead Developer Slendy, NPTickets “are used by the game to authenticate with the game server, [and] contain a cryptographic signature of its contents. This signature can be used to verify that a ticket was indeed generated by the expected source and hasn't been tampered with.” To understand why this is important, we have to go back a little bit.
Current Lighthouse Authentication System
In the past, verifying a user’s authenticity was tricky. We resorted primarily to IP authentication on the website. Users have to log in to their account online and approve their connection request, similar to dual factor authentication. This worked, but it was still possible for users to spoof login tickets to impersonate other users in some situations.
Preventing Impersonation: Union Verifier
User impersonation is a big deal. Users at one point could create an account in the name of someone else and then spoof their login tickets to not only lock the user out of using that account, but also to act as them on the server. To prevent this, LBPU R&D developed Union Verifier, a system that required users to do one of two things when creating their account:
Add a unique short string of numbers and letters to their PSN ‘About Me’.
For RPCN users, add a specific user to their friends list.
This allowed users to demonstrate that they own a particular account before registering. However, the NPTicket breakthrough may make this system irrelevant.
The Future of Account Registration and Authentication with PSN
Understanding how NPTicket works gives us the power to verify that a ticket from PlayStation Network is authentic. In Slendy’s words, “This signature can be used to verify that a ticket was indeed generated by the expected source and hasn't been tampered with.” This allows for a far simpler and easier account registration and authentication flow than before. In fact, it doesn’t even require logging in on a website!
In Project Lighthouse Pull Request #600, Slendy created the first steps toward the following important points:
Users no longer need to register and authenticate themselves on a website for public instances. All they have to do is patch their game and connect to the server.
When the user connects to the server for the first time, their account is automatically created.
New users who want to log in on the website will have to generate credentials, but the details of this haven’t been fully worked out yet.
PSN and RPCN accounts can be linked to a Lighthouse account. Users who play on both platforms can link both accounts.
There’s still a lot left to be figured out, but this is a massive step forward in accessibility of the server. It will make it easier for people who have dynamic IP addresses to connect.
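The verify-then-auto-register flow described above, sketched in Go as an added example; it is not code from Project Lighthouse. The ticket layout, the Server type and the use of Ed25519 with a locally generated key are assumptions made for the demo, since this post does not describe the real NPTicket format or its signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Ticket is a constructed stand-in, not the real NPTicket layout.
type Ticket struct {
	Issuer, Username string // Issuer is "PSN" or "RPCN"
	Sig              []byte // issuer's signature over body(Issuer, Username)
}

// body is the signed content; the NUL keeps the two fields unambiguous.
func body(issuer, user string) []byte { return []byte(issuer + "\x00" + user) }

// Server trusts one public key per issuer and auto-creates accounts.
type Server struct {
	Keys     map[string]ed25519.PublicKey
	Accounts map[string]bool // keyed by issuer + "/" + username
}

// Login acts on a ticket only after its signature verifies; created is true on first connection.
func (s *Server) Login(t Ticket) (created bool, err error) {
	key, ok := s.Keys[t.Issuer]
	if !ok || !ed25519.Verify(key, body(t.Issuer, t.Username), t.Sig) {
		return false, fmt.Errorf("ticket for %q rejected", t.Username)
	}
	id := t.Issuer + "/" + t.Username
	created, s.Accounts[id] = !s.Accounts[id], true
	return created, nil
}

// newServer makes a demo issuer key pair (assumption); issue signs tickets with it.
func newServer(issuer string) (*Server, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Server{map[string]ed25519.PublicKey{issuer: pub}, map[string]bool{}}, priv
}

func issue(priv ed25519.PrivateKey, issuer, user string) Ticket {
	return Ticket{issuer, user, ed25519.Sign(priv, body(issuer, user))}
}

func main() {
	s, priv := newServer("PSN")
	t := issue(priv, "PSN", "sackboy")
	fmt.Println(s.Login(t)) // first connection: account created
	t.Username = "someone_else"
	fmt.Println(s.Login(t)) // edited after signing: rejected
}
```

Because the server keeps only the issuer's public key, it can check tickets but cannot mint them, and nothing in the check depends on the client's IP address.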
The NPTicket issue was a challenging topic, and there were a number of contributors who participated in the discussion and assisted, including Galciv, Clembu, RipleyTom, HomicidalChicken, TorutheRedFox, Okiron and others!