    iPhone? More like MyPhone

iOS kernel patching and read only sysctl knobs...

Ok, I know it's been asked a million times before here about overclocking, but regardless of whether you think it's useful, a waste of time, a battery killer or whatever, there is a large number of interested people. Being able to have access to the CPU's clock speed would allow for the development of an app that could dynamically underclock to conserve battery and dynamically overclock to boost performance. This could also be applied to the other cores onboard the SoC such as the GPU, DSP, crypto, etc. Now I've seen many "guides" to OC using fstab, which is just plain incorrect.

The way to adjust the CPU frequency, and probably others, is through 'sysctl'; in this case the attribute would be 'hw.cpufrequency'. The problem is that attribute isn't writeable after iOS 2.0, when Apple locked it down. I believe this was the method that Apple used to slightly overclock the original iPhone (400 to 412MHz?). In order to make it writeable a kernel patch will be necessary. While I've never personally done it, I believe the process goes somewhat like this:
Grab the KBAG in a hex editor. -> decrypt the KBAG key & IV with the firmware/device key & IV -> Use the resulting key & IV to decrypt the img3 data file -> dump the kernel -> make a patch and encrypt it -> re-encrypt the kernel and apply the patch.

    That's all fairly simple in theory, short of making the actual patch. We may be able to enable some of the other sysctl knobs that are presently readonly. There may be some other sysctl knobs that are responsible for the other various cores on the various SoC's present on iDevices.

When enabling verbose boot in redsn0w, the sysctl knob kern.bootargs is set to "-v". That particular sysctl knob is read-only, so the dev team may have a way to make things writeable. At this point I'm a bit curious; verbose boot on an iPhone 4 can only happen with a tethered boot through redsn0w performing the limera1n exploit, as i0n1c's untether is in the kernel and depends on a modified launchd. Please correct me if I am wrong. That being said, with the latest release of redsn0w, the option to use animated or custom boot logos has been added. Is it possible, instead of using a custom boot logo, to have a sort of pseudo verbose boot by showing what is being printed to stdout at that point in time? I know that's a bit off-topic, but again, the option to boot verbose is read-only. If that can only be enabled through an iBoot exploit as opposed to a userspace/kernel exploit, would it even be possible to patch hw.cpufrequency without needing a tethered boot?

    Any input would be greatly appreciated as making these attributes writable could open up a variety of options from making a device more energy efficient to dynamically boosting the power of a particular core for a related task. If anybody has any experience with kernel patching, especially with iOS or darwin, any online resources to get started with would also be greatly appreciated. TIA.
    Last edited by mvhurlburt; 04-14-2011 at 08:49 AM. Reason: Typos - Damn iOS autocorrect...
