In what capacity are the passwords used?
If they are used in lieu of a game save then that changes the approach needed compared to just being a bonus mode unlock sort of thing, which in turn changes if they are supposed to be paid for DLC or something.
I imagine it is bonus modes. These can be some of the more annoying to figure out as there are many ways. It is possible that there is some plaintext file in the ROM with a nice list of the passwords, however that would be bad coding on the part of the devs (not that game devs are overly concerned with security and my tangles with the DS entries in this series did not leave me with the greatest respect for the coders). If a coder stored passwords that were supposed to be secure in plain text like that then I would fire them on the spot, and probably fire the person that hired them as well.
If I got to do this on a system with proper debugging capability (like the DS or GBA) then I would instead attack the password screen or saves if it is unlocked and stored in the save.
The save would probably be the easier method for this. Likely as it just has a flag, table or something in it that covers what has been unlocked.
The password screen likely takes the password, checks it against the list of ones it has (though there could be things it has to do first) and then either returns bad password or unlocks the thing you want. If they are doing multiple passwords then the unlock is probably a function as well (you tell the game unlock value #blah rather than have individual lines of code for each). Trying to follow this on the limited debugging setups available for the 3ds would be a pain though so you will likely have to go manual and look more at the static disassembly.
