I forgot my phones lock screen password. Willing to do or learn what it takes to open

[myownsummer]

For context I have a Oneplus 9R running on Android 14 that has its lock screen locked its a 6 digit numeric pin, I know the first two digits but have mistyped the rest. I cant access the files because of android usb debugging needing permissions to access the files (requiring the phone to be unlocked). So even if my goal was to recover my files it wouldnt be possible unless someone can also recommend me a way to bypass usb debugging so I can at least just backup my files and reset the phone to factory settings.

I've scoured the forums for any guide or previous instances but its so few and the last working guide was only running android 5 and is on a samsung device. I know I need a "hash" or something which was very confusing for me because the previous guide required the phone to be unlocked and access its files to find the "hash" which to me defeats the purpose of recovering your password if your phone is already unlocked am I missing something here? 

I have a windows 11 pc with a ryzen 5 5600g processor and using its integrated gpu which is equivalent to NVIDIA GT 1030. But can also rent a high end pc if needed. This phone is everything to me I am willing to wait and learn I dont care how long it takes I just need to know how do I do it. Please help me.

[datarecovery.com]

On Android 14, the PIN doesn't just lock the screen — it's cryptographically tied to the file-based encryption (FBE) key through the hardware-backed Trusted Execution Environment (TEE). You can't get to the data without either the PIN or a TEE exploit. This is why the guides you found are ancient and Samsung-specific — they applied to Android 4/5 before Google overhauled the security model entirely.
The "hash" approach doesn't apply here
Old Android stored a simple hash of the gesture/PIN in /data/system/. Pull the file, crack the hash, done. Android 5+ moved credential verification into Gatekeeper (a TEE service), meaning the "hash" is now hardware-bound key material inside the secure enclave — not a file you can pull. Your confusion about "needing the phone unlocked to get the hash" is actually correct for old methods; it's not a paradox, it's just those methods being obsolete.
USB debugging, no not gonna work..ADB requires the you to physically accept an RSA key authorization prompt on the unlocked screen. No way around that on a stock, unrooted Android 14 device. No prior authorization means no ADB access, period.
EDL mode (Qualcomm Emergency Download): The OnePlus 9R uses a Snapdragon 870 (Qualcomm), so EDL is accessible. A raw NAND dump is possible in principle — but the data is encrypted with FBE. Without the PIN to derive the decryption key via the TEE, the dump is unreadable ciphertext. You'd still be stuck. Chip-off: Same problem. Encrypted at rest.
On-device brute force: With 2 known digits there are 10,000 remaining combinations, but Gatekeeper enforces escalating delays and can trigger a factory wipe after repeated failures. You can't bypass that without TEE access.
TEE/Gatekeeper exploit: Theoretically the only real path — but these are device-specific, not publicly known for the OnePlus 9R on Android 14, and in practice reserved for nation-state forensics tools (Cellebrite, etc.) that may or may not support this device/OS combination.
Unfortunately this is essentially unrecoverable through any standard or semi-standard forensic approach. The modern Android FBE + TEE was specifically designed to make this impossible, and it largely succeeds. Even if you dumped the chip, you'd have encrypted data with a hardware-bound key you can't reach without the PIN. Unless a public TEE vulnerability surfaces for this specific SoC/Android version combination, there's no practical path to the data.