Re: Just wondering
You could also "hack" the RTC chip (theoretically).
Another attack is done using NAND flashing - in which the chip is backed-up at zero passcode attempts, then the iPhone is bruteforced until it gets locked out, at which the NAND is restored ... Sort of like savestates in an emulator.