
If it’s an iPhone, the data is encrypted with a key derived from the PIN and a random key that is baked into the phone’s CPU. The CPU has instructions for encrypting and decrypting with this secret key but no instruction for reading the key directly. Short of decapping the chip and going in with an electron microscope to figure out what this key is, your only option is to brute force on the phone’s own CPU. But that CPU won’t run software that isn’t signed by the manufacturer, and that software imposes ever-increasing timeouts when unlock attempts fail.
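
To make the design described above concrete, here is an added simulation (not from this thread and not Apple's code) of a PIN tangled with a non-exportable device secret plus escalating delays after failed unlocks; `DeviceKeyModel`, `worst_case_exhaust_seconds` and the delay schedule are assumed illustrative names and values, and the model exists only to show why the keyspace must be searched on-device and what the lockout schedule does to that search.

```python
import hashlib
import hmac
import os

# Constructed model of the design the comment describes (not Apple's code):
# a per-device secret usable only inside the device, an unlock key tangled
# from that secret and the PIN, and escalating delays after failed attempts.
# The delay schedule is an assumed illustrative one, not real iOS values.
DEFAULT_DELAYS = (0, 0, 0, 0, 0, 60, 300, 900, 3600)  # seconds per failure count


class DeviceKeyModel:
    def __init__(self, pin: str, delays=DEFAULT_DELAYS, iterations: int = 1000):
        self._device_secret = os.urandom(32)  # only ever used, never exported
        self._delays = delays
        self._iterations = iterations
        self.failures = 0
        self.elapsed = 0.0  # simulated seconds spent waiting on lockouts
        self._verifier = self._tangle(pin)

    def _tangle(self, pin: str) -> bytes:
        # Key derivation that needs both the PIN and the device-bound secret,
        # so an attacker who copies the flash alone cannot reproduce it.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._device_secret, self._iterations)

    def try_unlock(self, pin: str) -> bool:
        # Each failure moves further along the schedule; the last entry repeats.
        self.elapsed += self._delays[min(self.failures, len(self._delays) - 1)]
        ok = hmac.compare_digest(self._tangle(pin), self._verifier)
        self.failures = 0 if ok else self.failures + 1
        return ok


def worst_case_exhaust_seconds(digits: int, delays=DEFAULT_DELAYS) -> int:
    """Simulated time to try every numeric PIN of the given length on-device
    when every attempt but the last fails, under the given delay schedule."""
    attempts = 10 ** digits
    head = sum(delays[: min(attempts, len(delays))])
    tail = max(0, attempts - len(delays)) * delays[-1]
    return head + tail


if __name__ == "__main__":
    m = DeviceKeyModel("4821")
    for guess in ("0000", "1234", "4821"):
        print(guess, m.try_unlock(guess), "simulated wait so far:", m.elapsed, "s")
    years = worst_case_exhaust_seconds(6) / (365 * 24 * 3600)
    print(f"worst case for a 6-digit PIN on-device: {years:.0f} years")
```

Because the derivation needs the device secret, the only place the PIN space can be searched is the device itself, where the schedule above turns a million-entry keyspace into a wait measured in decades.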



So why don't they decap the chip and go in with an electron microscope? Has that type of exploit ever been successfully used against modern devices, or is it only a theoretical vulnerability?


Because it’s highly unlikely to work in the first place, not to mention it would likely cost as much as their annual operating budget.


Mostly the former. There’s nothing expensive about decapping a chip and tossing it under an electron microscope.


It’s not just an electron microscope; cryo probing stations for sub-22nm lithography are insanely expensive.

You can’t simply decap and image a multi-layer chip; it’s not an 80s-era masked ROM.


How much time and effort would it take to go from a chip under an electron microscope to the embedded crypto key, though? Seems like a substantial reverse engineering effort. (Although only for the first time you do a particular type of chip.)


An electron microscope alone won’t work, not to mention you have a high likelihood of damaging the chip, as the voltage of the electrons deposited on the sample can exceed what the IC can tolerate.

You need a cryo probing station of some sort; I’m not sure if these even exist for 12/10/7nm logic yet.


Usually, you don't want to work with the original, only on copies. Here we are talking about a one-shot attempt to get info by destroying the hardware... I can see those people searching for any other way first.


It's a perfectly feasible exploit to extract 64, 256 or 512GB of strongly encrypted data.


Is there documentation for someone having actually done this on a modern iPhone?



