Luckily he hadn't updated the firmware so the vulnerability wasn't patched on his device, but despite that, it took a long time and was not easy. But like this newer vulnerability, it would almost be impossible if he had also used a strong passphrase, as Trezor recommends.
https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-...
Luckily he hadn't updated the firmware so the vulnerability wasn't patched on his device, but despite that, it took a long time and was not easy. But like this newer vulnerability, it would almost be impossible if he had also used a strong passphrase, as Trezor recommends.