M88youngling: Initial page (don't want to lose my changes)
M88youngling: Saving changes, More to come
Revision as of 16:20, 29 May 2026
Patchwork is a security plugin developed by Zaprit and other community contributors. It was first designed to mitigate the risk of the force join exploit in LittleBigPlanet 1, 2 and 3. It is expected to eventually support PlayStation Vita and to block malicious scripts from being loaded in the client.
History
Patchwork arose out of necessity following the discovery of several critical security vulnerabilities in the LittleBigPlanet client.
Discovery of LittleBigPlanet Client-side Exploits
On December 7, 2024, LBP Union published a security advisory detailing the risk of remote code execution (RCE) attacks when playing in LittleBigPlanet P2P lobbies. This resulted in LBP Union disabling Dive In features for Beacon to encourage players to play only with those they trust.[1] However, LBP Union was concerned about the possibility of a malicious user forcibly joining another player's session as early as October 16, 2024, according to a discussion in a private Starguard Discord channel.[2]
Later, on May 7, 2025, LBP Union received code from an undisclosed source that was purported to enable force joining another user by creating a forged LittleBigInvite link. Since the exploit was made possible by a vulnerability in the game client, nothing could be done on the server to mitigate the risk; no custom server software by itself could ever make online play safe. Both Minister of Technology Zaprit and Union Space Corps Director Fetetra determined that the code was credible, and advised that Beacon's services be terminated until a solution could be developed. This situation was explained in a security advisory published on May 10[3].
Seeking a Solution
The solutions proposed by LBP Union in this advisory were[3]:
- A game patch: the only lasting fix, but also the most challenging to achieve due to the closed source code of the game. A game patch would either mitigate force join, prevent malicious scripts from loading, or both.
- Custom RPCN network: would not fix the problem, but would allow LBP Union greater control over who could register an account. Would not help PS3 users.
- Additional client-side software: LBP Union proposed additional software that might be able to support LittleBigPlanet clients at runtime.
Zaprit pursued the final proposal independently, creating the Patchwork GitHub repository soon thereafter.
Developing Patchwork
On May 18, Zaprit merged the first nine commits to the repository. He was initially assisted by Jvyden, who made eight commits between May and June that year. Toastbrot236 would contribute commits in July[4]. By May 25, Zaprit reported to the LBP Union Protectors that he and Jackcaver had successfully deployed the Patchwork security plugin on all three main LittleBigPlanet games with the PS3's Homebrew Enabler (HEN). He proposed that UnionPatcher be discontinued in favor of Refresher as LBP Union's recommended patching software, as Refresher was much more user-friendly and implemented Patchwork when patching.[5]
Deploying Patchwork with Refresher
On May 26, maintainers of the Refresher patching software repository on GitHub merged a pull request that began the process of incorporating Patchwork into Refresher. However, this first change only affected PS3 users[6]. It wasn't until June 18 that Refresher would support patching RPCS3 with Patchwork[7]. LBP Union subsequently reopened Beacon on July 1, advising players to use Refresher to re-patch and install Patchwork[8].
The Plugin
The repository describes Patchwork as follows:
Patchwork is an SPRX module that patches the LittleBigPlanet series of games to fix some of the many security vulnerabilities the games have.
As an SPRX module, Patchwork can run on a PlayStation 3 or RPCS3 without any additional hardware or software after the patching process is complete. Once patched, Patchwork will start as soon as the game is booted so long as the console has syscalls enabled.[citation needed]
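1. Security Advisory About LittleBigPlanet Online Play (https://www.lbpunion.com/post/security-advisory-about-littlebigplanet-online-play/), LBP Union, December 7, 2024, accessed May 29, 2026
2. Spikel3t (October 16, 2024). Message posted in #starguard, on LBP Union Discord Server (https://discord.com/channels/354122111503171586/1041748813163016282/1296022602783129682)
3. LittleBigPlanet Security Advisory: Force Join Exploit (https://www.lbpunion.com/post/littlebigplanet-security-advisory-beacon-extended-downtime/), LBP Union, May 10, 2025, accessed May 29, 2026
4. Patchwork Contributors Log (https://github.com/HugeSpaceship/Patchwork/graphs/contributors?all=1), GitHub, accessed May 29, 2026
5. Zaprit (May 25, 2025). Message posted in #protectors, on LBP Union Discord (https://discord.com/channels/354122111503171586/1145476353429356655/1376351416083415050)
6. Refresher closed PR #84 (https://github.com/LittleBigRefresh/Refresher/pull/84), GitHub, May 26, 2025, accessed May 29, 2026
7. Refresher closed PR #92 (https://github.com/LittleBigRefresh/Refresher/pull/92), GitHub, June 18, 2025, accessed May 29, 2026
8. LBP Reconnected 2025 Contest: Beacon is Back! (https://www.lbpunion.com/post/lbp-reconnected-2025-contest-beacon-is-back/), LBP Union, July 1, 2025, accessed May 29, 2026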