(adsbygoogle = window.adsbygoogle || []).push({}); To most of you, this is confusing, and probably won't make sense. However if this does help someone with the signing, then good. Heres the information I found in the header of a .PKG so far, by reversing math's code. Theres more information in there, I know it, but I don't know what it is or does.

The first 4 bytes of data, contain ".PKG", this verifies that it is indeed a .PKG file

The fifth byte of data (0x04) contains whether it is a Debug or retail package, 0x80 means that is a retail package

at 0x07, it reads in whether it is a PS3 or a PSP .PKG, 0x01 for PS3, 0x02 for PSP.

At 0x24 it reads where the start of the Encrypted files themselves begin

At 0x2C it reads the Length of the Encrypted files

At 0x70 it reads the Package File Key. I'm not exactly sure what it is but it is used in the encryption/decryption process.

That's all I've found so far, hopefully it can be useful to some of you. Theres still a lot of stuff missing in here but I'm looking into it with some other people.

All credits to mathieulh for his Package decryptor

False, the ps3 won't read it as a package file,
you must use small case
which is ".pkg" not ".PKG"
And the rest is good, keep up the good work

This isn't the filename, this is inside it. Open a retail signed package and the first 4 things are ".PKG"

Knife find buddy

isn't this the signing key to make it work as original?

It could be, the comment below it says
//the "file" key at 0x70 have to be encrypted with a "global AES key" to generate the "xor" key

what im testing with at the moment as geohots test.pkg im changing some hex of the ftp server and replaced it with the key from his test.pkg so hopefull i might get some results

Nice find, good luck with it. Its confusing for me, lol.

Once you sign it, you have to pack it. Then you have to sign it again after you pack it.

lol i didnt understand a thing of that