top of page

Project Lighthouse December 2022 Dev Log

LBP Union and Project Lighthouse are not affiliated with Sony Interactive Entertainment or their subsidiaries. Project Lighthouse is a clean room reverse engineering project of now defunct PlayStation 3 and Vita LittleBigPlanet online features. No proprietary code is distributed. Under no circumstances will we endorse or support piracy. You must have your own copy of the game in order to use the custom features once they become available. When using these features, you release Sony Interactive Entertainment (Sony) as well as any employees or agents of Sony, from any and all liability, corporate, or personal loss caused to you or others by the use of Lighthouse custom servers for LittleBigPlanet.



Project Lighthouse December Dev Log. A craft earth and moon with a rocket in the foreground

Dev Log Contributors:

m88youngling

Kairos (Er_BiyanoXD)

SamuraiEzoiar


Hello, everybody! A lot has changed in only just a month! Much of the work since November involved backend security updates, but there are a few other interesting changes as well. We’re getting closer to public beta, and we’re excited to share our progress with you!


Some highlights of what we’ve done this month,


  • PlayStation Network ticket signing is now possible, but not fully implemented (yet)

  • Dual factor authentication

  • Progress on website leaderboards

  • Cross controller planets work now

  • New team pick webhook messages

  • Fixed various exploits related to scores

  • LBP3 categories


With that out of the way, let’s talk about the most recent changes to Project Lighthouse in December 2022!


What is Project Lighthouse?


Project Lighthouse is a clean room, open-source reverse engineering effort to bring back online features to LittleBigPlanet on PlayStation 3 and Vita titles. You can learn more about it in our first blog post, or you can head over to our Github repository to check out the codebase and discussions!


Reworking Login and Registration Systems


There has been a recent breakthrough in development that has the potential to revolutionize how users connect to instances of Lighthouse. This advance comes from pieces of information from PlayStation Network’s server called NPTickets. According to LBP Union R&D Lead Developer Slendy, NPTickets “are used by the game to authenticate with the game server, contain a cryptographic signature of its contents. This signature can be used to verify that a ticket was indeed generated by the expected source and hasn't been tampered with.” To understand why this is important, we have to go back a little bit.


Current Lighthouse Authentication System


In the past, verifying a user’s authenticity was tricky. We resorted primarily to IP authentication on the website. Users have to login to their account online and approve their connection request similar to dual factor authentication. This worked, but it was still possible for users to spoof login tickets to impersonate other users in some situations.


Preventing Impersonation: Union Verifier


User impersonation is a big deal. Users at one point could create an account in the name of someone else and then spoof their login tickets to not only lock the user out of using that account, but also to act as them on the server. To prevent this, LBPU R&D developed Union Verifier, a system that required users to do one of two things when creating their account:


  • Add a unique short string of numbers and letters to their PSN ‘About Me’.

  • For RPCN users, add a specific user to their friends list.


A screenshot of the Project Lighthouse Union Verifier UI, which requires users to type a verification code into their PSN About Me page.

This allowed users to demonstrate that they own a particular account before registering. However, the NPTicket breakthrough may make this system irrelevant.


The Future of Account Registration and Authentication with PSN


Understanding how NPTicket works gives us the power to verify that a ticket from PlayStation Network is authentic. In Slendy’s words, “This signature can be used to verify that a ticket was indeed generated by the expected source and hasn't been tampered with.” This allows for a far simpler and easier account registration and authentication flow than before. In fact, it doesn’t even require logging in on a website!


In Project Lighthouse Pull Request #600, Slendy created the first steps toward the following important points:


  • Users no longer need to register and authenticate themselves on a website for public instances. All they have to do is patch their game and connect to the server.

  • When the user connects to the server for the first time, their account is automatically created.

  • New users who want to login on the website will have to generate credentials, but the details of this haven’t been fully worked out yet.

  • PSN and RPCN accounts can be linked to a Lighthouse account. Users who play on both platforms can link both accounts.


A screenshot of the linked accounts feature, showing options to link PSN and RPCN accounts.

There’s still a lot left to be figured out, but this is a massive step forward in accessibility of the server. It will make it easier for people to connect who have dynamic IP addresses.


The NPTicket issue was a challenging topic, and there were a number of contributors who participated in the discussion and assisted, including Galciv, Clembu, RipleyTom, HomicidalChicken, TorutheRedFox, Okiron and others!


Recent Activity Progress


Oops! It looks like the way that Dagg was trying to implement Recent Activity was very messy and could, we’re not joking, destroy the server.


A screenshot of LittleBigPlanet 2 recent activity in progress by Dagg.