hexkyz/boot1_boot_info_pseudocode.c

## boot1_boot_info_pseudocode.c
// Do some boring stuff
...

// Decrypt PRSH/PRST with Starbuck ancast key
sub_D400320(0x10000400, 0x7C00, iv);

// Parse PRSH/PRST
sub_D40B030(0x10000400, 0x7C00);

// Locate or create new "boot_info"
sub_D40AF10(0);

// RTC SLEEP_EN is raised
if ((rtc_events & 0x01E00001) == 0x00200000)
{
	*(u32 *)boot_info_08_addr = 0;

	// Read from boot_info + 0x08
	u32 result = sub_D40AB84(boot_info_08_addr);

	// Got boot_info_08
	if (result == 0)
	{
		u32 boot_info_08 = *(u32 *)boot_info_08_addr;
		rtc_events |= (boot_info_08 & 0x101E);
	}
}
else
{
	// Mask boot_info_04 with 0xBFFFFFFF
	sub_D40AE4C();

	// Mask boot_info_04 with 0xF7FFFFFF and set some other fields
	sub_D40AC7C();
}

// Set boot_info_08
sub_D40AC30(rtc_events);

// Do even more boring stuff
...

// Write to boot_info_38
sub_D40AD2C(0x00, time_boot1);

// Write to boot_info_3C
sub_D40AD2C(0x01, time_boot1_load_fw);

// Write to boot_info_40
sub_D40AD2C(0x02, time_boot1_verify_fw);

// Write to boot_info_44
sub_D40AD2C(0x03, time_boot1_decrypt_fw);

// Write to boot_info_48
sub_D40AD2C(0x04, time_boot0);

// Write to boot_info_4C
sub_D40AD2C(0x05, time_boot0_load_boot1);

// Write to boot_info_50
sub_D40AD2C(0x06, time_boot0_verify_boot1);

// Write to boot_info_54
sub_D40AD2C(0x07, time_boot0_decrypt_boot1);

// Set flag 0x04000000 in boot_info_04
sub_D40ABCC();

// Increase boot_info_0C by 1
sub_D40AEB0();

// Run fw.img
...
	// Do some boring stuff
	...

	// Decrypt PRSH/PRST with Starbuck ancast key
	sub_D400320(0x10000400, 0x7C00, iv);

	// Parse PRSH/PRST
	sub_D40B030(0x10000400, 0x7C00);

	// Locate or create new "boot_info"
	sub_D40AF10(0);

	// RTC SLEEP_EN is raised
	if ((rtc_events & 0x01E00001) == 0x00200000)
	{
	(u32 )boot_info_08_addr = 0;

	// Read from boot_info + 0x08
	u32 result = sub_D40AB84(boot_info_08_addr);

	// Got boot_info_08
	if (result == 0)
	{
	u32 boot_info_08 = (u32 )boot_info_08_addr;
	rtc_events \|= (boot_info_08 & 0x101E);
	}
	}
	else
	{
	// Mask boot_info_04 with 0xBFFFFFFF
	sub_D40AE4C();

	// Mask boot_info_04 with 0xF7FFFFFF and set some other fields
	sub_D40AC7C();
	}

	// Set boot_info_08
	sub_D40AC30(rtc_events);

	// Do even more boring stuff
	...

	// Write to boot_info_38
	sub_D40AD2C(0x00, time_boot1);

	// Write to boot_info_3C
	sub_D40AD2C(0x01, time_boot1_load_fw);

	// Write to boot_info_40
	sub_D40AD2C(0x02, time_boot1_verify_fw);

	// Write to boot_info_44
	sub_D40AD2C(0x03, time_boot1_decrypt_fw);

	// Write to boot_info_48
	sub_D40AD2C(0x04, time_boot0);

	// Write to boot_info_4C
	sub_D40AD2C(0x05, time_boot0_load_boot1);

	// Write to boot_info_50
	sub_D40AD2C(0x06, time_boot0_verify_boot1);

	// Write to boot_info_54
	sub_D40AD2C(0x07, time_boot0_decrypt_boot1);

	// Set flag 0x04000000 in boot_info_04
	sub_D40ABCC();

	// Increase boot_info_0C by 1
	sub_D40AEB0();

	// Run fw.img
	...