Alright now this very well may work, or i may go down in my own flames, dying a slow death. but if we take a signed package from sony, and unpack it with the latest SDK, then we pack it with the SDK, then it wont be signed, so we will have 2 pkg files, one signed, one not. both containing the same data with the same stuff, just one pkg got signed by sony, and one didn't.
now i know this next part will be the most noobish thing to say, but we could put them on a hex editor, then view the differences. if i'm correct the only difference we should see is the signature.
Alas no - namely, because retail packages can not be decrypted without the aid of a PS3, and the only way to re-encrypt them would be to use development keys (since, we lack retail ones) - so on compare they would be very, different.
Furthermore, there is still a matter of the encrypted executable (the .self, usually the EBOOT.BIN) - which is another entire issue.