Please start with Part 1 on the PIF I'm going to make some assumptions about what was learned there. Especially regarding setting and using breakpoints as well as how the code addresses may jump around due to optimizations.
bpset A4000040 // Cart Startup Code
bpset A4000060 // Coming back to this code?
bpset A4000410 // Big jump at the start of the code.
bpset 80000000 // Peripheral Interface Function
Start Stepping:
A400 0040 - A400 0048
Clear Coprocessor registers to zero Cause, Count, Compare
A400 004C - A400 005C
Read RDRAM RI_SELECT_REG if NON zero branch to initialization routine 0xA400 0410
A400 0060 - A400 040C
????
A400 0420 - A400 0424
Clear Coprocessor registers to zero TagLo, TagHi
A400 0410 - A400 0434
Setup some Cache Store Tag in the range 8000 0000 - 8000 3FE0
32 Bytes at a time.
Finish Store Tag the Cache in the range 8000 0000 - 8000 3FE0
A400 0438 - A400 0454
Invalidate the Cache in the range 8000 0000 - 8000 1FF0
16 Bytes at a time
A400 0458 - A400 04AC
Move Data 696 Bytes :
A400 04C0 -> A000 0000
A400 04C4 -> A000 0004
A400 04C8 -> A000 0008
...
A400 0774 -> A000 02B4
A400 04B0 - A400 04BC
Execute Subroutine @ 8000 0000
8000 0000 - 8000 0050
Focused on the Peripheral Interface (Cartridge)
8000 0000 - 8000 0004
Get the Cart Game Start Location 8000 1000
8000 0008 - 8000 0018
Set the PI DRAM Address to Physical Address 0000 1000 (Yes 0000)
8000 001C - 8000 002C
Loop until PI IO Busy Status is Zero
8000 0030 - 8000 0040
Set the PI Cartridge Address to Physical Address 1000 1000
8000 0044 - 8000 0050
Set the PI Write Length to 0x000F FFFF aka 1 MB
8000 0054 - 8000 00C0
nop's to let the Cartridge 1 MB copy complete.
This space is also interesting because the MIPS manuals say the Exception Handler should be at 8000 0080 which is in the middle of this space?
8000 00C4 - 8000 00D4
Check PI DMA Register - Loop until zero (Loop includes nop's)
8000 00D8 - 8000 00EC
Setup a big multiply 5D588B65 * 3F = 16 F8CA 4DD8
8000 00F0 - 8000 00FC
Save a couple of registers to the Stack
8000 0100 - 8000 02A0
8000 02A4 - 8000 02AC
Jump Register 8000 1000
8000 0494 - 8000 049C
MAME hangs on this line for libn64 (12/14/2017 work in progress)
COUNT = 1B8 5B0C