Just had a thought: couldn't you copy the encrypted phone, run it in 10000 emulators and try a different PIN in every emulator? If the problem really is just a 4 digit PIN, that should work?
Or is the flash memory and the flash memory controller doing the decryption entangled on a single chip so that they can not be physically separated?
Or is the flash memory and the flash memory controller doing the decryption entangled on a single chip so that they can not be physically separated?