
Not sure if 100% applies to the iPhone in question, but the secure enclave was designed to prevent this sort of thing. Here's an intro to it:

https://www.mikeash.com/pyblog/friday-qa-2016-02-19-what-is-...



This applies to later models of iPhone; the 5c doesn't have a secure enclave. All password attempt limiting and erasure of data is implemented by the operating system.


The 5c still has the secret UID baked into the chip.

The escalating artificial delays are implemented by the OS and can be circumvented, but the secret UID is designed to make it impossible to extract.

Without that UID, you're brute-forcing a 256-bit AES key, not a 4-6 digit passcode. Practically, the brute forcing can only be done on the actual iPhone.


The iPhone in question doesn't have Secure Enclave, but has similar principles to it. Like others have said, the user's password is entangled with a key unique to the phone, which can't be read through software.

On iPhones with Secure Enclave, not only is the device-specific key stored there, but also the logic which keeps track of the number of and time between repeated failed attempts. On older iPhones, this logic is a part of iOS itself, hence why Apple is capable of overriding it with a modified iOS.
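Added example, not part of the thread and not Apple's code: a toy model of the design point made in the comments above, that a guess limit only holds if it is enforced in the same place that holds the device-unique key. PBKDF2-HMAC-SHA256 stands in for the hardware key derivation, and the class names, the 10-attempt limit, the iteration count and the sample passcode are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 20  # assumption: tiny on purpose so the demo runs quickly

class KeyHardware:
    """Holds the device UID. Callers can use it to test a passcode, never read it."""
    def __init__(self, passcode, limit_in_hardware, max_attempts=10):
        self._uid = os.urandom(32)  # constructed stand-in for the fused UID
        self._limit = max_attempts if limit_in_hardware else None
        self._failures = 0
        self._verifier = self._derive(passcode)

    def _derive(self, passcode):
        # PBKDF2 stands in for the hardware derivation that entangles passcode and UID.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._uid, ITERATIONS)

    def unlock(self, guess):
        if self._limit is not None and self._failures >= self._limit:
            raise PermissionError("hardware attempt limit reached")
        ok = hmac.compare_digest(self._derive(guess), self._verifier)
        self._failures = 0 if ok else self._failures + 1
        return ok

class StockOS:
    """Attempt limiter implemented in the OS, outside the key hardware."""
    def __init__(self, hw, max_attempts=10):
        self.hw, self.max_attempts, self.failures = hw, max_attempts, 0

    def unlock(self, guess):
        if self.failures >= self.max_attempts:
            raise PermissionError("OS attempt limit reached")
        ok = self.hw.unlock(guess)
        self.failures = 0 if ok else self.failures + 1
        return ok

def guesses_evaluated(unlock, candidates):
    """Return (number of guesses actually checked, whether one matched)."""
    checked = 0
    for guess in candidates:
        try:
            hit = unlock(guess)
        except PermissionError:
            return checked, False
        checked += 1
        if hit:
            return checked, True
    return checked, False

FOUR_DIGIT = [f"{n:04d}" for n in range(10_000)]
```

Passing `StockOS(hw).unlock` to `guesses_evaluated` stops after 10 guesses, while passing `hw.unlock` directly (software that omits the OS limiter) runs through the whole list unless the hardware was built with `limit_in_hardware=True`.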



