Well, that's a damn sight easier than they could've made it.
Your first boon: they didn't lock the Flash, or encrypt it (not that there's any real-time decryption capacity to speak of on an 8-bit CPU, lol), or disable the programming port(s).
Second boon: AVR is one of the more pleasant dialects to read and understand. Uh... if you aren't familiar with the ISA (Instruction Set Architecture), that'll be a bit of a missed point for you, understandably... but if you're familiar with any assembly, you should be able to get a good feel for it with a couple weeks' study, and if only programming generally, maybe some months.
Assuming they used most of the 1280's available program memory, you'll have a pretty good chunk of time picking out all the various subroutines, function calls, data paths... but it's by no means impenetrable.
Mind, heh, I do say this with the bias of mainly having looked at my own output (symbols included), not completely bare and scrubbed binary. It will be quite some work to reconstruct all that, of course.
Ease of disassembly, is reasonably true for the most popular flavors of MCU; depending on age, it could've also been 8051, Z80, 68k, x86, MIPS, or a few others; and especially these days, ARM.
I'm not sure about AVR offhand, but ARM, x86 and many others are well supported by disassembly and decompilation tools such as Ghidra. The asm might be a bit more opaque to read (particularly some of the instruction ordering say with MIPS, I think?), but the decomp is -- well, you still don't get any symbol names, but formatted C code is a far sight better than the alternatives, especially if you're not well versed in the ISA itself. That, and the instant cross-referencing and refactoring, makes analysis so much easier.
As for just trying to figure out the interested function straightaway, the most likely candidates would be a serial port somewhere, or jumpers or dip switches to activate a service mode, or some password to enter on the main menu, or some sequence of button presses to unlock a hidden menu, or etc. Lots of possibilities of course. If it's a password, you might find a string somewhere in .data (usually near top of Flash), or .progmem (usually near the bottom). It might also be checked by a sequence of compare instructions, or alternating loads and compares, or a limited crypto sort of function might be employed that uses a lot of eor instructions which can give some direction on where to look (but mind that eor rn, rn is commonly used as ldi rn, 0 shorthand, depending on compiler version or asm author, so it's not very specific). Snooping around relevant code sections (be careful to try and spot pointers and addresses, try to backtrack along code and data paths; very hard in raw hex, easier disassembled) may lead you to a data path or state machine (esp. to do with menus?) that allows access.
If it's via serial port or whatever, it might be tricky to figure out, just because they needn't put any feedback in; it could be a binary comm channel for example, without even a terminal echo to tell what the baud rate is. If you're lucky, it's just wide open, plain text, it blinks out some data on startup, the baud is standard, and they have a service menu and everything right at your fingertips.
Tim