First of all this not for piracy! I don't encourage piracy.
Secondly, sorry for the bad English.
I am trying to test Waninkoko’s FwPKG tools. So I downloaded the tools and I compiled them.
I ran the tool “FwPKG” and I got the following:
Encrypt PKG: ./fwpkg e <output pkg> <files...>
Decrypt PKG: ./fwpkg d <input pkg> <output filename>
Then I took gaia v1.04 pkg and tested it. I got the output file.
As he said it should be a signed pkg!
~/waninkoko-fwtool-e396776# ./fwpkg e sgaia.pkg gaia/gaia.pkg
Metadata Key: B7 E0 13 9D 1C 6D BD E2 58 90 12 99 C8 92 3D 05
Metadata IV: 1C 76 A3 F8 D6 FE F0 6A DC CF 66 8C 33 17 A4 EA
>> PKG Entry 0:
Size: 840893 bytes (0.80 MB)
Key Index: 0
IV Index: 1
SHA Index: 2
Entry Key: F7 B7 87 13 24 44 F5 7D D4 08 16 9C 9A 53 A2 B6
Entry IV: C9 45 AF 9F 43 9F 09 1F 6E 70 AB A1 87 50 8B 7E
Entry SHA: D7 DC 9C 31 60 11 91 83 51 8A 36 CA 67 7F 49 89 FE 4F DA C7
PKG Size: 841332 bytes (0.80 MB)
My question is, does the output file “sgaia.pkg” is signed!
Actually, I cannot test it right now because I am at work.
I attached the file in case that someone want to help in testing.