What Is Chip-Off Data Recovery and When Is It Necessary?
Chip-off data recovery physically removes NAND flash memory chips from the SSD circuit board and reads them on a dedicated chip reader, bypassing the controller. It is the last resort when the controller is destroyed beyond repair and cannot respond to any diagnostic commands.
This is not the first option. Firmware corruption recovery using the PC-3000 and board-level controller repair via JBC microsoldering are always attempted before chip-off. These methods preserve the original controller and, critically, any encryption keys stored inside it. Chip-off is only used when the controller silicon is cracked, burned, or otherwise unable to power on.
Chip-off is destructive. The NAND chips are permanently removed from the board. The drive cannot be reassembled or returned to service afterward. Once the chips are desoldered, there is no going back to controller-based recovery. This is why we exhaust all other options first.
How Does the BGA Rework Process Work?
BGA rework uses controlled heat profiles to desolder NAND packages from the PCB without thermal damage to the silicon die. Each chip is then read individually, and the raw data is reconstructed by decoding the controller's interleaving and error correction algorithms.
- 01
NAND Identification
NAND flash chips are identified and cataloged on the PCB. Manufacturer, part number, die configuration, and number of chips are recorded. This determines the correct reader adapter and decoding parameters.
- 02
Controlled Desoldering
A BGA rework station heats each NAND package at precise temperature profiles to melt the solder balls without exceeding the thermal limits of the silicon die. Overheating destroys the NAND. Underheating tears pads from the PCB. Both are irreversible.
- 03
Raw NAND Reading
Cleaned chips are placed in a chip reader (PC-3000 Flash reader or equivalent). Raw hex data is dumped from each chip. This data is scrambled; it is not a readable file system.
- 04
Interleaving and ECC Reconstruction
The controller's specific data interleaving pattern (how it striped data across multiple chips) must be reverse-engineered. ECC (Error Correction Code) algorithms are applied to correct corrupted pages. The Flash Translation Layer and block mapping are reconstructed manually.
- 05
File System Extraction
Once the logical data layout is rebuilt, the file system is extracted and verified against expected directory structures. Files are delivered on your choice of return media.
Why Chip-Off Fails on Modern Encrypted Drives?
Hardware encryption renders chip-off useless when the controller holding the decryption key is destroyed. The NAND contents are AES-256 ciphertext. Without the key from the controller's secure enclave, brute-forcing the encryption is computationally infeasible with any current or foreseeable technology.
- Apple T2 and M-Series Macs
- All NAND data is hardware-encrypted with a key stored in the Secure Enclave on the T2 chip or M-series SoC. The SSD storage is soldered to the logic board. If the controller (or the entire SoC) is destroyed, the encryption key is gone. Chip-off returns only encrypted garbage. For details on recovery options that preserve the controller, see our Apple T2 chip data recovery and M-series soldered NAND recovery pages.
- Samsung NVMe (980 Pro, 990 Pro)
- Samsung's Phoenix and Elpis controllers implement AES-256 hardware encryption by default, even without a user-set password. The Media Encryption Key lives in the controller's secure enclave. A dead controller means no key, no decryption, no data.
- Self-Encrypting Drives (TCG Opal)
- Enterprise and some consumer NVMe drives implement TCG Opal self-encryption. Same constraint: the encryption key is bound to the controller hardware.
- Where Chip-Off Works
- Older SATA SSDs without hardware encryption, USB flash drives, SD cards, microSD cards, and some budget NVMe drives that do not implement hardware encryption. On these devices, chip-off produces unencrypted raw data that can be reconstructed into a usable file system.
Be direct: If your drive uses hardware encryption and the controller is destroyed, no lab on earth can recover that data. Any company that tells you otherwise is either lying or planning to charge you an attempt fee for work they know will fail.
Chip-Off vs. Controller Repair: Which Do We Try First?
Controller repair is always attempted first. PC-3000 firmware recovery and board-level microsoldering preserve the original controller and its encryption keys. Chip-off is destructive, requires more labor, and has a lower success rate on encrypted drives. We escalate to chip-off only after confirming the controller cannot be revived.
The escalation path for every SSD that arrives at our lab follows a strict order. First, we attempt firmware corruption recovery using the PC-3000 to communicate with the controller in technological mode. If the controller responds, we recover data without touching the hardware.
If the controller does not respond, we move to board-level repair: JBC microsoldering to replace burned voltage regulators, rework cold solder joints on the controller BGA, or replace passive components. The goal is to restore enough controller functionality for PC-3000 access. If the controller silicon itself is cracked or burned through, and the drive does not use hardware encryption, chip-off is the final option.
We will tell you before starting chip-off if the drive uses hardware encryption. If it does, and the controller is beyond repair, we will tell you the data is unrecoverable rather than charge you for work that cannot succeed.
How Much Does Chip-Off Recovery Cost?
Chip-off is the most expensive recovery tier. Typical range is $800 to $1,500 or more, depending on the number of NAND chips, the controller's interleaving complexity, and the time required for data reconstruction. No data, no charge still applies. You receive a firm quote after a free evaluation.
Chip-off recovery: $800 to $1,500+. Free evaluation, firm quote, no data = no charge.
The cost is higher than firmware-level or controller repair recovery because chip-off requires physical desoldering, individual chip reading, interleaving reconstruction, and manual FTL rebuilding. A 4-chip SSD takes less time than a 16-chip enterprise drive with a complex striping pattern.
See our full SSD data recovery page for all pricing tiers and process details. Call (512) 212-9111 for a free evaluation.
Recovery Examples
Recovery examples from our lab are being documented and will be added here.
Frequently Asked Questions
What is chip-off NAND data recovery?
Does chip-off work on encrypted SSDs?
How much does chip-off recovery cost?
When should I choose chip-off vs controller repair?
Data Handling During Chip-Off Recovery
Chip-off recovery involves direct contact with raw NAND storage. Your SSD stays in our Austin lab throughout the process. All NAND reads and reassembly happen on air-gapped workstations with no network access. Recovered data is delivered on encrypted external media, and working copies are purged after you confirm receipt.
NDAs are available on request. Full data security details cover our chain-of-custody, encryption, and erasure protocols.
SSD controller destroyed?
Free evaluation. We will tell you honestly whether chip-off can recover your data. No data, no fee.