I'd wager 100<n<1000. This requires a specific skillset of low-level reversing and hardware hacking but I wouldn't put it past anyone who is smart and driven to understand how things work.
It requires a skillset which IMHO is actually not so rare particularly in parts of China and Russia, where hacking these systems is part of how all the unofficial repair shops can survive.
In fact I wouldn't be surprised if this particular task, extracting the boot ROM, was already done long ago by a few groups but not publicised --- Apple's bounties may seem enticing, but these people know it's the end if they tell Apple; they'd rather keep it secret and use those "holes" to keep investigating and sell their results to repair shops, which may ultimately yield far greater profit.
I think parent is confusing the 10x engineer (which this guy obviously is) with a one-in-a-million engineer.
Not to talk down Ramtin's achievements (I think his work is awesome), but hardware hacking is significantly easier these days when you can buy a JTAG dongle + software for less then $10 and order a high quality PCB with another $10-20.
That seems reasonable to say there are that many people who could already do it, with minimal learning curve.
I agree with the former especially because of the latter half, I'm quite sure I could never do this today, but, I'm also quite sure I could learn to do this if I wanted to (and was willing to accept all the soldering burns I inevitably inflict on myself every time I try to solder something)
This is significantly harder than most hardware hacking (it requires hardware-level interaction with a pretty complicated bus) --- at the point where you're doing custom FPGA work to get bus access...
This is purely my personal belief as a software developer with an EE degree, but I strongly believe hardware hacking skills are logarithmic in difficulty.
Those first few steps to get good with the tools are the hardest. Everything else past that is getting better with better - and potentially more expensive - tools.
In fact I wouldn't be surprised if this particular task, extracting the boot ROM, was already done long ago by a few groups but not publicised --- Apple's bounties may seem enticing, but these people know it's the end if they tell Apple; they'd rather keep it secret and use those "holes" to keep investigating and sell their results to repair shops, which may ultimately yield far greater profit.