diff --git a/Source/Core/Core/Boot/Boot.cpp b/Source/Core/Core/Boot/Boot.cpp
index aecfe96ac8..864db0667e 100644
--- a/Source/Core/Core/Boot/Boot.cpp
+++ b/Source/Core/Core/Boot/Boot.cpp
@@ -188,9 +188,28 @@ bool CBoot::Load_BS2(const std::string& _rBootROMFilename)
  // Run the descrambler over the encrypted section containing BS1/BS2
  CEXIIPL::Descrambler((u8*)data.data()+0x100, 0x1AFE00);
 
+ // TODO: Execution is supposed to start at 0xFFF00000, not 0x81200000;
+ // copying the initial boot code to 0x81200000 is a hack.
+ // For now, HLE the first few instructions and start at 0x81200150
+ // to work around this.
  Memory::CopyToEmu(0x01200000, data.data() + 0x100, 0x700);
  Memory::CopyToEmu(0x01300000, data.data() + 0x820, 0x1AFE00);
- PC = 0x01200000;
+ PowerPC::ppcState.gpr[3] = 0xfff0001f;
+ PowerPC::ppcState.gpr[4] = 0x00002030;
+ PowerPC::ppcState.gpr[5] = 0x0000009c;
+ PowerPC::ppcState.msr = 0x00002030;
+ PowerPC::ppcState.spr[SPR_HID0] = 0x0011c464;
+ PowerPC::ppcState.spr[SPR_IBAT0U] = 0x80001fff;
+ PowerPC::ppcState.spr[SPR_IBAT0L] = 0x00000002;
+ PowerPC::ppcState.spr[SPR_IBAT3U] = 0xfff0001f;
+ PowerPC::ppcState.spr[SPR_IBAT3L] = 0xfff00001;
+ PowerPC::ppcState.spr[SPR_DBAT0U] = 0x80001fff;
+ PowerPC::ppcState.spr[SPR_DBAT0L] = 0x00000002;
+ PowerPC::ppcState.spr[SPR_DBAT1U] = 0xc0001fff;
+ PowerPC::ppcState.spr[SPR_DBAT1L] = 0x0000002a;
+ PowerPC::ppcState.spr[SPR_DBAT3U] = 0xfff0001f;
+ PowerPC::ppcState.spr[SPR_DBAT3L] = 0xfff00001;
+ PC = 0x81200150;
 
  return true;
 }
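Review bot: The sixteen register writes added after the second CopyToEmu call are bare magic values with no note of their provenance, so a later maintainer cannot tell whether 0x0011c464 for HID0 or the IBAT/DBAT pairs are state captured from real hardware, the values the skipped BS1 code would have written, or educated guesses. I would put a comment above `PowerPC::ppcState.gpr[3] = 0xfff0001f;` along the lines of `// Register/MSR/BAT state the skipped BS1 prologue (0x81200000..0x81200150) is expected to leave behind; values taken from <source of these values -- TODO fill in>`, and have the TODO say "the first 0x150 bytes (84 instructions)" rather than "the first few instructions", which understates what is being bypassed. It also looks as though the new `PC = 0x81200150;` only reaches the code copied to physical 0x01200000 because the IBAT0U/IBAT0L values set here map 0x80000000 onto physical address 0; if that is the intent, the comment should say so, since the copy address and the PC are otherwise unrelated constants and the dependency between them is easy to break. Load_BS2 begins before this hunk.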