Alright, I've read quite a few threads on people attempting to create a working CPU overclock for the iPod Touch (ipt) and all I really have to say is that most of them are going about it entirely wrong. I've seen a few of them attempting to modify the physical sysctl command located at : "/usr/sbin/sysctl" and I can guarantee this is wrong. So, I'm posting this thread to attempt to get some help with developing a working overclock. I'm going to provide all of the information I've managed to figure out through both research and testing. But first, some troll poison : I don't care if overclocking may damage my device, I don't care if it will cause overheating. Not only are you incorrect in saying it will damage it, since it's factory under-clocked by default, but it really doesn't matter. The goal is to get it done, not worry about the consequences of doing it. Next, a little bit of progress : When/if we finish, I'm hoping to create a physical application making use of this. The application will be in Python and run from terminal, this will be handled entirely on me. The only thing to worry about is that the over all goal is to remove the read-only OIDs. This means that the following command will execute properly when the goal is complete : sysctl -w hw.cpufrequency=X Now to share my knowledge so far... First some of the basics, OS X uses a UNIX-based Kernel known as Darwin. This kernel is decent and the version ported to the iPhoneOS is almost identical but has many features locked out. Darwin, being part of the POSIX family, uses terminals to execute certain commands. "sysctl" is an extremely powerful command to allow you to modify various system values. Sysctl can be configured in /etc/sysctl.conf, /etc/loader.conf, and /etc/sysctl.d/... All of these exist on iPhoneOS. Now, I'll throw in some probably new knowledge. If you looked, you're probably wondering why I said they exist. They certainly don't appear. Don't go checking hidden files, you won't find them. Hidden files on UNIX have the first character "." and would appear in an SSH client. So, why exactly is it that these files "don't exist?" The truth is, iPhoneOS consists of two partitions. One partition is root and the other is /private/var and together they form iPhoneOS as we know it. As a decent representation, try looking at /etc/fstab, it starts up two different partitions. Now, in fstab you CAN execute commands, however my tests reported negative when I tried to modify hw.cpufrequency before the firmware started. This means that the firmware actually reconfigures this value. According to the tests of someone else, removal of sysctl doesn't stop you from booting with the 412 Mhz processing power, thus proving that the firmware uses another method. Due to a countermeasure put in by Apple, you cannot copy the kernel from a 2g down to a 1g ipsw and expect it to work. This leaves us with two solutions. We can modify the kernel and recompile or we can figure out a way to remove the OIDs. Now, I mentioned those two partitions before. These "hidden" files are actually stored on the inaccessible firmware partition. I managed to find them on Ubuntu Linux 9.10 Karmic Koala by connecting via SSH/SFTP and running a search for "sysctl." Unfortunately, these files are read-only and I am obviously not the owner of said files. The solution? We need to figure out how we can assume root (super user) and access files on the firmware partition. As every good POSIX user knows, there is a backdoor in everything. Nothing is completely locked, only the front door. Assuming root user is extremely easy on most POSIX systems however. On Linux, users usually use "sudo" to perform a single action with super user privileges. On OS X, it is common to use "su" to take on root as a whole. Thus, we will use "su" to become root. After hitting su, it will request a password. The default password is "alpine" although you may have modified it. Enter your password, and you just became root. The only problem now, getting to that second partition. Once on the second partition, simply use chmod 777 on /etc/loader.conf or /etc/sysctl.conf and modify it. Essentially, there's only a single step missing. Getting that second/other partition. I'm working on it as we speak, but one person can only go so far. In Summary : su alpine *get to the second partition* chmod 777 /etc/loader.conf OR chmod 777 /etc/sysctl.conf Modify the line that sets 'hw.cpufrequency' as read-only, may take a few tries to locate it in the files. Reboot and be happy! You can now overclock/underclock! It's all up to us guys, we're extremely close as is. I'm working on finding that line that makes hw.cpufrequency read-only. If I cannot find it, it is safe to assume that it is in the kernel, and this will require a whole lot of extra work. P.S. Sorry about the wall of text, trying to give as much information as possible here to those who don't fully understand UNIX/POSIX.