Hacking Homebrew Possibility of unlocking hardware (Overclocking) and/or FPS/Resolution limits on games?

[Pelochus]

Been using a Xbox One X for about 2 years, but after seeing many games running on XSX and XSS (especially this one since it is pretty similar in some areas like GPU and RAM) I've been wondering if it was possible unlocking games via homebrew or DEV mode to allow changing resolution and/or frames. There are many games that run at 4K@30 that could easily run at 2K/1080p@60 (even if a bit unstable), Series S is an example of this possibility (an example could be Forza Horizon 5, which runs at 1080p@60 on SS (performance mode) and 4K@30 on One X).

Overclocking is also something that could help to achieve this, or even underclocking to reduce power consumption (though, it doesn't make much sense). There are lots of game capped at 30 fps that could easily run better on One X or at least have a less aggressive dynamic resolution.

Long story short, the ideal situation would be:
- Over and underclocking, both CPU and GPU
- Changing graphics settings to any other combination from other consoles (example, One X downgrading to One, or upgrading to SS)
- Since console games are pretty similar to PC games, changing virtually anything (resolution, frames, graphics... of course, asumming there are hidden settings in the Xbox version of the game)

Is it possible right now to do anything mentioned above? Or, at least, COULD be possible in the future if homebrew progresses beyond the sandboxed DEV mode?

 

[Reploid]

not really

 

[Kraken_X]

Overclocking might not be safe or possible, but changing framerate and resolution is definitely possible, at least on some games, since it can be done on a modded PS4. However the hard part is hacking the Xbox One, since that hasn't been done before and MS would patch it pretty much immediately. Hacking the Xbox One would also prevent access to Xbox Live, negating one of the largest benefits of the platform.

Once the Xbox One is hacked to disable signature checking, then each game would need to be individually patched to adjust the frame limit and resolution. Depending on the game, this could be as easy as changing the config file, or it could be much more difficult. You probably won't actually get a stable 60fps since the devs would have just made the game 60 fps if the system could handle it, so it would probably fluctuate between 30 and 60 depending on how much activity is happening.

The easy option is to get a very powerful PC and play games there where the settings are easily accessible. Nearly all of the Xbox library is available on PC.

 

[Pelochus]

Overclocking might not be safe or possible, but changing framerate and resolution is definitely possible, at least on some games, since it can be done on a modded PS4. However the hard part is hacking the Xbox One, since that hasn't been done before and MS would patch it pretty much immediately. Hacking the Xbox One would also prevent access to Xbox Live, negating one of the largest benefits of the platform.

Once the Xbox One is hacked to disable signature checking, then each game would need to be individually patched to adjust the frame limit and resolution. Depending on the game, this could be as easy as changing the config file, or it could be much more difficult. You probably won't actually get a stable 60fps since the devs would have just made the game 60 fps if the system could handle it, so it would probably fluctuate between 30 and 60 depending on how much activity is happening.

The easy option is to get a very powerful PC and play games there where the settings are easily accessible. Nearly all of the Xbox library is available on PC.

I'm aware of the possible Xbox Live ban, but since DEV mode is technically allowed, if someone can get access to lower level stuff from DEV mode, it could be that is not considered hacking (just an idea, probably impossible to get low-level access only with DEV mode).

Regarding overclocking... well is just an option, risky one, sure. Switch has that capability, and it works quite decently, some people managed to get good frames/resolution on games like XC2 or Hyrule Warriors, or even get improved battery life with underclocking. OG XO users would probably love getting more stable framerates on games like CP2077 with OC.

TBH, I would really like to see the feature implemented, at least to some reasonable extent, similar to the PS4 boost feature or even the new FPS boost for older games but applied to older games that did not get an upgrade to OneX/SeriesX. Seeing One X running games without limits could really be quite interesting. in fact, Rainbow Six can be played beyond 60 fps by manually disabling VSync (it is an option in the game's menu). Well... at least we have PCs as you mentioned!

 

[CompSciOrBust]

Unlocking framerates probably isn't possible without an exploit but there is (or at least was) a method to overclock the Xbox One by putting some files on a USB. Iirc the files didn't actually do anything, the console would just check that a file with that name existed and overclock if it was. It wasn't documented to maybe it was a leftover debug function? (wouldn't be the first time MS has accidentally left debug options in the retail build of the OS). I'll see if I can find them for you. I first saw them in the XDE Discord server but that got deleted last year.

Edit: @Pelochus take a look at this. I think it's the same thing. https://gbatemp.net/threads/overclock-your-xbox-one.568741/

Edit 2: After reading the thread it seems the method no longer works

Edit 3: TitleOS sent me the file. Screenshot of messages attached.

 

[Pelochus]

Unlocking framerates probably isn't possible without an exploit but there is (or at least was) a method to overclock the Xbox One by putting some files on a USB. Iirc the files didn't actually do anything, the console would just check that a file with that name existed and overclock if it was. It wasn't documented to maybe it was a leftover debug function? (wouldn't be the first time MS has accidentally left debug options in the retail build of the OS). I'll see if I can find them for you. I first saw them in the XDE Discord server but that got deleted last year.

Wow, that's actually interesting. Wonder if it was possible to make it friendlier, adding a simple app to change the OC profile or something like that... Still, pretty cool to see that, hope someone discovers a new way to do that, it is already patched. Anyway, thank you!

 

[CompSciOrBust]

Wow, that's actually interesting. Wonder if it was possible to make it friendlier, adding a simple app to change the OC profile or something like that... Still, pretty cool to see that, hope someone discovers a new way to do that, it is already patched. Anyway, thank you!

You could probably have made a homebrew app to swap out the files either from dev mode or as a private MS Store app that you could install in retail mode, you'd still need to reboot after swapping the config ig. Now that it's patched I'm doubtful we'll see it again. Microsoft leaves all sorts of crap from debug builds in the retail releases and doesn't remove them unless they become public knowledge. At one point it was entirely possible to run a semi-cfw by placing a file on the hard drive because there was a debug function that would load a hard coded path as the Game / App OS.
https://xosft.dev/wiki/external-vbi-loading/

 

[Kopimist]

Unlocking framerates probably isn't possible without an exploit but there is (or at least was) a method to overclock the Xbox One by putting some files on a USB. Iirc the files didn't actually do anything, the console would just check that a file with that name existed and overclock if it was. It wasn't documented to maybe it was a leftover debug function? (wouldn't be the first time MS has accidentally left debug options in the retail build of the OS). I'll see if I can find them for you. I first saw them in the XDE Discord server but that got deleted last year.

Edit: @Pelochus take a look at this. I think it's the same thing. https://gbatemp.net/threads/overclock-your-xbox-one.568741/

Edit 2: After reading the thread it seems the method no longer works

Edit 3: TitleOS sent me the file. Screenshot of messages attached.View attachment 289466

Yeah i use this method on my Xbox One which hasn't been online since 2019. Can confirm it works well to decrease loading times etc but it was patched out afaik. My xbox won't being going online anytime soon for this reason lol. As for a new method of overclocking I'd love to see it done. I mean in theory it can be done at the hardware level but software wise will be a lot trickier as it woukd require a public exploit beyond just userland.

Using crystal oscillators it could be done in theory but very risky.

 

[Torus]

Yeah i use this method on my Xbox One which hasn't been online since 2019. Can confirm it works well to decrease loading times etc but it was patched out afaik. My xbox won't being going online anytime soon for this reason lol. As for a new method of overclocking I'd love to see it done. I mean in theory it can be done at the hardware level but software wise will be a lot trickier as it woukd require a public exploit beyond just userland.

Using crystal oscillators it could be done in theory but very risky.

A hardware overclock these days is almost impossible on any console. Not only due to the hardcore circuit modifications, but also because probably (haven't had time to check it yet) the PMIC or some similar IC runs checks on physical parameters to prevent fault injection attacks

 

[Kopimist]

Ah good to know. Didn't realize that was a thing these days

 

[CompSciOrBust]

TX has an unpatchable exploit for the og xbox one model (not sure about revisions) that could maybe be used in place of the usb method but I doubt we will see that any time soon after the recent legal issues they've faced. I know several people in TX who have seen it in action and confirmed that it's real.

 

[Carltrek]

Using crystal oscillators it could be done in theory but very risky.

It would make everything out of tune even for very simple machines like a Commodore 64, as lots of chips and peripherals rely on the clock signal derivated from the main oscillator.

 

[Torus]

TX has an unpatchable exploit for the og xbox one model (not sure about revisions) that could maybe be used in place of the usb method but I doubt we will see that any time soon after the recent legal issues they've faced. I know several people in TX who have seen it in action and confirmed that it's real.

Very interesting, sounds like a bootloader vuln and/or FI involved, and considering the PSP has already been exploited publicly and TX's experience glitching the Switch bootloader, I wouldn't be surprised if it's the case!

 

[Kopimist]

TX has an unpatchable exploit for the og xbox one model (not sure about revisions) that could maybe be used in place of the usb method but I doubt we will see that any time soon after the recent legal issues they've faced. I know several people in TX who have seen it in action and confirmed that it's real.

If thats indeed true, good luck getting a hold of the details of that exploit now. TX is dead RIP.

I would love to see some overclocking on the Xbox One on newer firmwares. That would be epic!

I honestly think we're a ways away from that without a public exploit of any kind though. The USB method was because of a total eff up on m$'s part. They left that debug flag unencrypted.

 

[Pelochus]

You could probably have made a homebrew app to swap out the files either from dev mode or as a private MS Store app that you could install in retail mode, you'd still need to reboot after swapping the config ig. Now that it's patched I'm doubtful we'll see it again. Microsoft leaves all sorts of crap from debug builds in the retail releases and doesn't remove them unless they become public knowledge. At one point it was entirely possible to run a semi-cfw by placing a file on the hard drive because there was a debug function that would load a hard coded path as the Game / App OS.

Still not too advanced, but at least there is (or was) some progress on hacking the XO, very interesting. Hope we will see some advancements on that in the near future.

 

[Pelochus]

Yeah i use this method on my Xbox One which hasn't been online since 2019. Can confirm it works well to decrease loading times etc but it was patched out afaik. My xbox won't being going online anytime soon for this reason lol. As for a new method of overclocking I'd love to see it done. I mean in theory it can be done at the hardware level but software wise will be a lot trickier as it woukd require a public exploit beyond just userland.

Using crystal oscillators it could be done in theory but very risky.

Have you tried any games that run poorly? Would love to see what kind of improvements can be achieved with the OC, you could try to compare some games that have been analysed by some channels like Digital Foundry or ElAnalistaDeBits to see if there is any appreciable difference with a naked eye

 

[Pelochus]

If thats indeed true, good luck getting a hold of the details of that exploit now. TX is dead RIP.

I would love to see some overclocking on the Xbox One on newer firmwares. That would be epic!

I honestly think we're a ways away from that without a public exploit of any kind though. The USB method was because of a total eff up on m$'s part. They left that debug flag unencrypted.

Why did they say nothing about the exploit? They could have announced something about it, or make some details public to encourage truly hacking the console. Seems weird to me. Let's see if someone re-discovers that exploit or just someone at TX leaks the details after the possible death of TX.

 

[Kopimist]

Have you tried any games that run poorly? Would love to see what kind of improvements can be achieved with the OC, you could try to compare some games that have been analysed by some channels like Digital Foundry or ElAnalistaDeBits to see if there is any appreciable difference with a naked eye

I know for a fact theres a difference in how Doom 2016 runs. I need to get a new USB stick as my current one broke but once I do I'll make a comparison video of running different games with and without the overclock.

I just wish there was a way to actually benchmark this stuff and also know what clock speed its running at. That would be interesting to know

 

[Pelochus]

I know for a fact theres a difference in how Doom 2016 runs. I need to get a new USB stick as my current one broke but once I do I'll make a comparison video of running different games with and without the overclock.

I just wish there was a way to actually benchmark this stuff and also know what clock speed its running at. That would be interesting to know

Looking forward to that video. Keep us informed!

 

[CompSciOrBust]

Very interesting, sounds like a bootloader vuln and/or FI involved, and considering the PSP has already been exploited publicly and TX's experience glitching the Switch bootloader, I wouldn't be surprised if it's the case!

If thats indeed true, good luck getting a hold of the details of that exploit now. TX is dead RIP.

I would love to see some overclocking on the Xbox One on newer firmwares. That would be epic!

I honestly think we're a ways away from that without a public exploit of any kind though. The USB method was because of a total eff up on m$'s part. They left that debug flag unencrypted.

Why did they say nothing about the exploit? They could have announced something about it, or make some details public to encourage truly hacking the console. Seems weird to me. Let's see if someone re-discovers that exploit or just someone at TX leaks the details after the possible death of TX.

I don't have the technical details but I know roughly which area of the system it targets. The exploit takes place after the boot process, I guess it's unpatchable because patching it would break compatibility with old software. I'm not going to give away too much detail because if I do I might not get private info in the future. I heard they were having trouble trying to monetize it in a way that couldn't be easily stolen by other people and since their Switch chips were selling well it wasn't a priority. They aren't going to just give it away because they're TX, I don't think they've gave stuff away for free once in their 20 year history.

As for the PSP being exploited. I don't think that has happened on the Xbox? It uses the same PSP as the PlayStation but the vulnerability what was documented needs UART or SPI to be enabled, which is enabled on PlayStation but only rare Xbox devkits have it enabled (the god boxes documented here https://titleos.dev/xdk-buying-guide/ ).