Why use a bash script when you can do it with a pico...
c | c++ | HID | Raspberry pi pico | GitHub repo https://github.com/etyloppihacilem/pico_bruteforce
Recently, a friend and I were looking to recover data from a Samsung S21, so a factory reset was out of the question because newer Samsung phones come with default full disk encryption using AES-256. Even after a reset, we would not be able to run traditional data recovery software without the 256-bit key. This key is stored by the Knox chip on Samsung devices, and is randomly changed at every factory reset for obvious privacy protection purposes. The 4-digit PIN to unlock the phone seemed to be our only way in.
As phones are not supposed to let anyone try every possible passcode, a waiting time is implemented that requires the user to wait between attempts. Our maximum waiting time at the moment is 16 minutes and it does not seem to go up (at least we did not try enough yet...), so based on this waiting time:
111 days is not so bad, so we decided to give it a try. Using a list of 4-digit codes sorted by probability, we decided to give it a try using a Raspberry Pi Pico.
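The arithmetic behind that estimate, as an added example (not code from the pico_bruteforce repository), written to show how little a capped lockout delay protects a 4-digit PIN compared with a 6-digit one. Only the 16-minute cap comes from the article; the function names, the doubling ramp, the 6-digit comparison and the 7-day window are assumptions that go beyond the text.

```c
#include <stdint.h>
#include <stdio.h>

/* Wait imposed after the k-th consecutive failure (k starts at 1): doubles
 * from first_s up to cap_s, then stays flat. Only the 16-minute cap comes
 * from the article; the doubling ramp is an assumption. */
static uint64_t delay_after(uint64_t k, uint64_t first_s, uint64_t cap_s)
{
    uint64_t d = first_s;
    for (uint64_t i = 1; i < k && d < cap_s; i++)
        d *= 2;
    return d < cap_s ? d : cap_s;
}

/* Upper bound on total waiting time to try every code: one delay per guess,
 * which is how the article's 111-day figure is obtained. */
uint64_t exhaust_seconds(uint64_t keyspace, uint64_t first_s, uint64_t cap_s)
{
    uint64_t total = 0;
    for (uint64_t k = 1; k <= keyspace; k++)
        total += delay_after(k, first_s, cap_s);
    return total;
}

/* Guesses that can be entered within budget_s seconds: guess 1 is entered at
 * t = 0 and each later guess after the delay earned by the previous one. */
uint64_t guesses_within(uint64_t budget_s, uint64_t keyspace,
                        uint64_t first_s, uint64_t cap_s)
{
    uint64_t elapsed = 0, n = 0;
    while (n < keyspace) {
        n++;
        elapsed += delay_after(n, first_s, cap_s);
        if (elapsed > budget_s)
            break;
    }
    return n;
}

int main(void)
{
    const uint64_t cap = 16 * 60, day = 86400;
    printf("4 digits, flat 16 min: %llu days\n",
           (unsigned long long)(exhaust_seconds(10000, cap, cap) / day));
    printf("6 digits, flat 16 min: %llu days\n",
           (unsigned long long)(exhaust_seconds(1000000, cap, cap) / day));
    printf("guesses in 7 days (4 digits): %llu\n",
           (unsigned long long)guesses_within(7 * day, 10000, cap, cap));
    return 0;
}
```

With a delay that stops growing at 16 minutes, the whole 4-digit space fits in about 111 days, while the same throttle stretches a 6-digit space to roughly 30 years.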
I lied: using a Raspberry Pi Pico is not complicated. It is really versatile, as it can run Python, C and C++ programs.
However, understanding how HID (Human Interface Devices, Human Input Device, Hardware Interface Device, etc...) codes are used to emulate a key press on a computer was an unexpected source of fun.
A pico was our way to go, because we wanted to implement a light sensor to detect when the phone was unlocked, by seeing the screen lighting up longer than when an unlock fails. Even if we did not have time to implement this yet, we prepared the pico to have an extension. GPIO 25 is HIGH when a code is being typed and drops when the keyboard ends its emulation. That way, we could add another pico (that could read the UART output to get the last code entered) to monitor the success of our bruteforce, without having to stop the bruteforce process.