The iPhone in question doesn't have Secure Enclave, but has similar principles to it. Like others have said, the users password is entangled with a key unique to the phone, which can't be read through software.
On iPhones with Secure Enclave, not only is the device-specific key stored there, but also the logic which keeps track of the number of and time between repeated failed attempts. On older iPhones, this logic is a part of iOS itself, hence why Apple is capable of overriding it with a modified iOS.
On iPhones with Secure Enclave, not only is the device-specific key stored there, but also the logic which keeps track of the number of and time between repeated failed attempts. On older iPhones, this logic is a part of iOS itself, hence why Apple is capable of overriding it with a modified iOS.