When I wrote the 'LockPicker' payload for P4wnP1, the intention was how things could be combined.
Cracking isn't the best idea on neither of the two devices.
Btw. I used JtR Jumbo in its default setting, which means it isn't a pure dictionary attack, but goes on with pattern based bruteforcing. In fact the behavior of JtR could be modified per config file, which I haven't done for the LockPicker demo.
Now as P4wnP1 is able to join an Internet connected WiFi AP and connect to an external SSH server, it wouldn't be a big problem to load up a captured hash to a more powerfull applience. The remotely cracked credentials could than be downloaded again and used to unlock the target.
I'm not willing to implement such payloads for P4wnP1, as it is meant to be a framework.
A demo using the AutoSSH feature to bring up a remote shell (only communicating through a USB HID interface with the target) and relay it to an external SSH server is in the P4wnP1 repo, which shows the basic capabilities.
This unfortunately can't be done with BB due to its hardware limitations.
Here's a tweet with a picture on the basic idea