Tuesday, May 25, 2021

Sydney

Sydney appears to be a revision of New Orleans, in which they fixed the problem of the password being stored in memory.


Once again I start by entering an empty password, and once again I get "Invalid password".

RESET

BREAK MAIN

continue to main


Here we have main, which looks like it adds ff9c to sp; in 16-bit arithmetic that is the same as subtracting 0x64, so it is reserving stack space, though why was not immediately obvious to me.
It then puts "Enter the password to continue" on the screen and calls gets password, followed by the check password function and then a tst r15 / jnz sequence similar to New Orleans.

I'll continue to gets password and enter a test password.


Back in main, looking at memory I see our password stored at 449c, which is the current value of the stack pointer. sp is then moved into r15 and check password is called. I continue to check password and step into it.


Here is the check password function:


It looks like they are comparing my input string two bytes at a time. If a cmp fails, it jumps to the end, clears r14, moves r14 into r15, then returns to main.

My test password will obviously fail, but reading the compare immediates, it looks like my password will need to be 0x7b6b26424f5b.

RESET

Break Main

continue to main

Then continue once more to password prompt.


Here I input what I suspect is the password and hit send. I then continue to the check password function and step in.


Here I can see r15 pointing to my password as expected, and the cmp bytes appear to line up, so I should walk straight down and hit the mov instruction. However, when I step through, the cmp fails and the jnz jumps down to 44ac, clears everything out, then returns to main. Thinking there is a typo, I reset and retry: same thing.

Looking closer I notice two items:


First, it looks like the byte order is reversed in this column. I'll take little-endianness into consideration: since New Orleans checked one byte at a time, it wasn't an issue there, but now that we are comparing two bytes at a time we may be running into a little-endian problem.

Second, I was too hasty in my review and missed the cmp 0x2f5e after the move, so I'll add that in as well.
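To make the byte-order point concrete, here is an added example (my own code, not from the original post) that models the two-byte compare the way a little-endian CPU performs it, using the four immediates read off the disassembly above (0x7b6b, 0x2642, 0x4f5b, then 0x2f5e; that ordering is assumed from the text). It shows that laying the bytes out as printed fails the check while swapping each two-byte pair passes it.

```python
import struct

# Constructed from the post: the 16-bit immediates the check password
# routine compares against, in the order assumed above.
CMP_WORDS = [0x7b6b, 0x2642, 0x4f5b, 0x2f5e]


def check_password(buf: bytes, words=CMP_WORDS) -> bool:
    """Model of a word-at-a-time compare on a little-endian CPU.

    Each cmp reads two bytes from the buffer, interprets them as a
    little-endian 16-bit word (low byte at the lower address) and compares
    that word with the immediate. The first mismatch fails the check,
    mirroring the jump to the clr r14 path in the disassembly.
    """
    if len(buf) < 2 * len(words):
        return False
    for i, imm in enumerate(words):
        (word,) = struct.unpack_from('<H', buf, 2 * i)  # '<H' = little-endian u16
        if word != imm:
            return False
    return True


def bytes_for_words(words, byteorder: str) -> bytes:
    """Lay 16-bit words out in memory in the given byte order ('big' or 'little')."""
    return b''.join(w.to_bytes(2, byteorder) for w in words)


# Naive reading: type the hex digits as printed, high byte first.
naive = bytes_for_words(CMP_WORDS, 'big')       # 7b 6b 26 42 4f 5b 2f 5e
# Corrected: swap each pair so the little-endian word read matches the immediate.
swapped = bytes_for_words(CMP_WORDS, 'little')  # 6b 7b 42 26 5b 4f 5e 2f

if __name__ == '__main__':
    print(naive.hex(), check_password(naive))
    print(swapped.hex(), check_password(swapped))
```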

RESET

continue and enter password



Continue through until check password function and step through.


Here I reversed the bytes within each two-byte chunk, and as I step through, the jeq instruction jumps over the clr r14 instruction, moves r14 into r15 and returns to main.



We run through tst r15, and the jnz takes us down to 445e, where "Access Granted" is put on the screen and execution continues on to unlock the door.

Notes:
Nothing here was too surprising to me overall. The functions are so conveniently named that it really speeds up understanding what they are doing.

My biggest struggle is that I don't understand why little endian vs big endian even exists. I have yet to hear what monster invented little-endianness and why, why some architectures use big and others little, or even whether things like x86 could use big or little depending on the situation. Usually if my bytes don't line up, at this point at least, I assume endianness is messing them up first and try to identify how I need to account for it. Someone please explain it better than the silly online CS courses' definitions that make it as clear as mud!