hexkyz · January 16, 2018 22:33
diff --git a/boot1_boot_info_pseudocode.c b/boot1_boot_info_pseudocode.c
 // Do some boring stuff
 ...

 // Decrypt PRSH/PRST with Starbuck ancast key
 sub_D400320(0x10000400, 0x7C00, iv);
 	
 // Parse PRSH/PRST
 sub_D40B030(0x10000400, 0x7C00);
 	
 // Locate or create new "boot_info"
 sub_D40AF10(0);

 // RTC SLEEP_EN is raised
 if ((rtc_events & 0x01E00001) == 0x00200000)
 {
 	*(u32 *)boot_info_08_addr = 0;
 		
 	// Read from boot_info + 0x08
 	u32 result = sub_D40AB84(boot_info_08_addr);
 		
 	// Got boot_info_08
 	if (result == 0)
 	{
 		u32 boot_info_08 = *(u32 *)boot_info_08_addr;
 		rtc_events |= (boot_info_08 & 0x101E);
 	}
 }
 else
 {
 	// Mask boot_info_04 with 0xBFFFFFFF
 	sub_D40AE4C();
 		
 	// Mask boot_info_04 with 0xF7FFFFFF and set some other fields
 	sub_D40AC7C();
 }

 // Set boot_info_08
 sub_D40AC30(rtc_events);

 // Do even more boring stuff
 ...

 // Write to boot_info_38
 sub_D40AD2C(0x00, time_boot1);

 // Write to boot_info_3C
 sub_D40AD2C(0x01, time_boot1_load_fw);

 // Write to boot_info_40
 sub_D40AD2C(0x02, time_boot1_verify_fw);
 	
 // Write to boot_info_44
 sub_D40AD2C(0x03, time_boot1_decrypt_fw);

 // Write to boot_info_48
 sub_D40AD2C(0x04, time_boot0);

 // Write to boot_info_4C
 sub_D40AD2C(0x05, time_boot0_load_boot1);

 // Write to boot_info_50
 sub_D40AD2C(0x06, time_boot0_verify_boot1);

 // Write to boot_info_54
 sub_D40AD2C(0x07, time_boot0_decrypt_boot1);
 	
 // Set flag 0x04000000 in boot_info_04
 sub_D40ABCC();
 	
 // Increase boot_info_0C by 1
 sub_D40AEB0();

 // Run fw.img
 ...
	// Do some boring stuff
	...

	// Decrypt PRSH/PRST with Starbuck ancast key
	sub_D400320(0x10000400, 0x7C00, iv);

	// Parse PRSH/PRST
	sub_D40B030(0x10000400, 0x7C00);

	// Locate or create new "boot_info"
	sub_D40AF10(0);

	// RTC SLEEP_EN is raised
	if ((rtc_events & 0x01E00001) == 0x00200000)
	{
	(u32 )boot_info_08_addr = 0;

	// Read from boot_info + 0x08
	u32 result = sub_D40AB84(boot_info_08_addr);

	// Got boot_info_08
	if (result == 0)
	{
	u32 boot_info_08 = (u32 )boot_info_08_addr;
	rtc_events \|= (boot_info_08 & 0x101E);
	}
	}
	else
	{
	// Mask boot_info_04 with 0xBFFFFFFF
	sub_D40AE4C();

	// Mask boot_info_04 with 0xF7FFFFFF and set some other fields
	sub_D40AC7C();
	}

	// Set boot_info_08
	sub_D40AC30(rtc_events);

	// Do even more boring stuff
	...

	// Write to boot_info_38
	sub_D40AD2C(0x00, time_boot1);

	// Write to boot_info_3C
	sub_D40AD2C(0x01, time_boot1_load_fw);

	// Write to boot_info_40
	sub_D40AD2C(0x02, time_boot1_verify_fw);

	// Write to boot_info_44
	sub_D40AD2C(0x03, time_boot1_decrypt_fw);

	// Write to boot_info_48
	sub_D40AD2C(0x04, time_boot0);

	// Write to boot_info_4C
	sub_D40AD2C(0x05, time_boot0_load_boot1);

	// Write to boot_info_50
	sub_D40AD2C(0x06, time_boot0_verify_boot1);

	// Write to boot_info_54
	sub_D40AD2C(0x07, time_boot0_decrypt_boot1);

	// Set flag 0x04000000 in boot_info_04
	sub_D40ABCC();

	// Increase boot_info_0C by 1
	sub_D40AEB0();

	// Run fw.img
	...