
I'm not a crypto expert so take what I say with a grain of salt, but...

The password is tangled with the UID burned into the device at its creation, creating the 'passcode key' that secures the phone[0].

If extracting the UID is somehow possible, it doesn't sound impossible to try all 10,000 combinations (assuming a 4-digit passcode is used) offline, on different software.

[0] - http://blog.cryptographyengineering.com/2014/10/why-cant-app...



One would hope that the part where this UID is stored at least has all the basic tamper-proof protections so it self-destructs if tampered with, as e.g. many SIM cards do.
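The dependency discussed in this thread, as an added example that is not part of either comment and not Apple's code: a passcode key derived from the passcode and a device UID can only be searched offline by someone who holds that UID. PBKDF2-HMAC-SHA256, the iteration count, the UID bytes and the passcode are all assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Assumption: tiny iteration count so the demo runs quickly; not a real device's cost.
ITERATIONS = 50


def passcode_key(passcode: str, uid: bytes) -> bytes:
    """Entangle the passcode with the device UID (stand-in KDF, an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, ITERATIONS)


def search_4_digit(target_key: bytes, uid: bytes):
    """Walk the 10,000 four-digit passcodes; return the match or None."""
    for n in range(10_000):
        guess = f"{n:04d}"
        if hmac.compare_digest(passcode_key(guess, uid), target_key):
            return guess
    return None


def keyspace(length: int, alphabet: int = 10) -> int:
    """Number of candidate passcodes of a given length and alphabet size."""
    return alphabet ** length


# Constructed sample values (hypothetical device secret and passcode).
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
WRONG_UID = bytes(32)  # what a party without the real UID would be working with
TARGET_KEY = passcode_key("4821", DEVICE_UID)

if __name__ == "__main__":
    # With the UID, the 4-digit space falls immediately.
    print("with UID:   ", search_4_digit(TARGET_KEY, DEVICE_UID))
    # Without it, every passcode derives to the wrong key.
    print("without UID:", search_4_digit(TARGET_KEY, WRONG_UID))
    # A longer or richer passcode is the only margin left once the UID leaks.
    for length, alphabet in [(4, 10), (6, 10), (8, 36)]:
        print(f"{length} chars over {alphabet} symbols: {keyspace(length, alphabet):,}")
```

The search only succeeds when the UID is known, which is why the tamper resistance of the UID storage carries the whole scheme for short passcodes.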



