Project Lighthouse December 2022 Dev Log
LBP Union and Project Lighthouse are not affiliated with Sony Interactive Entertainment or their subsidiaries. Project Lighthouse is a clean room reverse engineering project of now defunct PlayStation 3 and Vita LittleBigPlanet online features. No proprietary code is distributed. Under no circumstances will we endorse or support piracy. You must have your own copy of the game in order to use the custom features once they become available. When using these features, you release Sony Interactive Entertainment (Sony) as well as any employees or agents of Sony, from any and all liability, corporate, or personal loss caused to you or others by the use of Lighthouse custom servers for LittleBigPlanet.
Dev Log Contributors:
Hello, everybody! A lot has changed in only just a month! Much of the work since November involved backend security updates, but there are a few other interesting changes as well. We’re getting closer to public beta, and we’re excited to share our progress with you!
Some highlights of what we’ve done this month,
PlayStation Network ticket signing is now possible, but not fully implemented (yet)
Dual factor authentication
Progress on website leaderboards
Cross controller planets work now
New team pick webhook messages
Fixed various exploits related to scores
With that out of the way, let’s talk about the most recent changes to Project Lighthouse in December 2022!
What is Project Lighthouse?
Project Lighthouse is a clean room, open-source reverse engineering effort to bring back online features to LittleBigPlanet on PlayStation 3 and Vita titles. You can learn more about it in our first blog post, or you can head over to our Github repository to check out the codebase and discussions!
Reworking Login and Registration Systems
There has been a recent breakthrough in development that has the potential to revolutionize how users connect to instances of Lighthouse. This advance comes from pieces of information from PlayStation Network’s server called NPTickets. According to LBP Union R&D Lead Developer Slendy, NPTickets “are used by the game to authenticate with the game server, contain a cryptographic signature of its contents. This signature can be used to verify that a ticket was indeed generated by the expected source and hasn't been tampered with.” To understand why this is important, we have to go back a little bit.
Current Lighthouse Authentication System
In the past, verifying a user’s authenticity was tricky. We resorted primarily to IP authentication on the website. Users have to login to their account online and approve their connection request similar to dual factor authentication. This worked, but it was still possible for users to spoof login tickets to impersonate other users in some situations.
Preventing Impersonation: Union Verifier
User impersonation is a big deal. Users at one point could create an account in the name of someone else and then spoof their login tickets to not only lock the user out of using that account, but also to act as them on the server. To prevent this, LBPU R&D developed Union Verifier, a system that required users to do one of two things when creating their account:
Add a unique short string of numbers and letters to their PSN ‘About Me’.