Its very easy... much easier than you might expect.
And yes the method is searchable and posted in detail a long time ago.
Pay attention to the language used to descibe what is being done.
It wont do anyone any good until packages can be signed for 3.56+
So until that happens its useless and damaging to the scene to expose the "exploit" for what it is.