The main question is in the title. Some clarifications however:
When you factory reset your encrypted phone, the old one reto avoid eencryption key (DEK a) is deleted and a new encryption key (DEK b) is being generated to allow device encryption. The DEK is stored in the TEE (correct?). In this case, the PIN code before the factory reset was the default Android password (default_password).
Since flash storage is difficult to erase, let's say old key eencryption key (KEK) for the DEK (a) was found. The default Android password is known (default_password).
Given the process, on the way Android goes from DEK to KEK …
Previously, we encrypted the master key with a generated key by applying scrypt to the user's password and stored salt. In order to make the key resistant to out-of-box attacks, we extend this algorithm by signing the resulting key with a stored TEE key. The resulting signature is then transformed into a key of appropriate length by another scrypt application. This key is then used to encrypt and decrypt the master key. To store this key:[…]
… is it possible to decipher the old data? Now, obviously, the KEK can not decipher the DEK because it is no longer there (DEK (a) has been deleted), but is it possible to derive the lost DEK (a) with a given PIN (default_password) and the KEK found from the old encryption?
I've already found this thread, but I'm not sure the answer matches my question.