Sometimes, a Starlink terminal’s PCB can be so severely damaged that repair is impossible or impractical. However, in many cases, it’s still possible to salvage the terminal—or at least save the account details stored on the damaged unit. Various scenarios may arise, such as a valuable account, limited access to account management, or the high cost of purchasing a new terminal.
Saved account details can be transferred to an undamaged donor device. Donor Starlink units are typically found on eBay, similar marketplaces, or flea markets. These devices might be in perfect working condition, but have a lost or blocked original account. Donor units are often much cheaper than brand-new terminals, as they’re usually useless to the seller. This approach makes the repair both cost-effective and fast, as it doesn’t require complex procedures or diagnostics.
The account transfer method has been used in Ukraine since 2022 and has likely helped save thousands of terminals damaged during the war.
I kept this method secret for a while due to security concerns. However, it’s now more widely known and actively used. Additionally, many things have changed from a hardware perspective, so there’s no longer a reason to keep it confidential.
Starlink terminal identification and authorization.
User terminal ID.
Each Starlink terminal has a unique ID called the “UTID” (User Terminal ID). This ID is stored in the terminal’s secure co-processor and is used to identify the device on the Starlink network.
This ID can be found in your Starlink mobile app or your account web page. Since it is programmed into the hardware, it is always possible to read it via the app or gRPC API.
SpaceX identifies and manages Starlink terminals solely by this ID.
The user terminal ID can’t be reprogrammed.
Secure co-processor.
This highly specialized CPU uses the UTID to perform Digest authorization on the Starlink network. The Secure CPU is always bound to the UTID, which is typically stored inside this CPU.
Certificates.
Certificates are stored in a secure area (the location of which depends on the terminal revision) and used during the final stage of network entry and user tunnel establishment. This is the primary method for encrypting user network data. Certificates are also bound to the specific UTID and cannot be used with a different UTID if extracted.
The implementation of the secure CPU, UTID, and certificate storage depends on the terminal revision and the generation of the main CPU.
As for May 2025, there are two major generations of the main CPU: Catson and Catapult. Below, I will describe how everything works on both CPUs.
Serial number
This is the inventory number, and it’s not programmed into the terminal. It exists only in SpaceX’s database and is printed on the terminal’s PCB and case (or pole mount, depending on the terminal version).
The serial number can be used for accounting purposes and user-side identification of Starlink devices, typically when communicating with Starlink support.
KIT ID
The KIT ID is literally the identifier of the entire Starlink kit. It combines the IDs of the Starlink terminal, router, and any other components included in the box. This is another inventory-only number that exists solely in SpaceX’s database (and is therefore available in the user account) and is printed on the Starlink packaging. Like the serial number, the KIT ID is not programmed into the terminal, and the Starlink hardware has no knowledge of its KIT ID.
It’s a good idea to save the KIT ID when working with multiple terminals. Otherwise, it can be challenging to determine which devices belong to which kit once they’re mixed.
Catson CPU family
The Catson CPU is the original Starlink processor used in most terminals produced. There were four revisions of the Catson CPU, but these details are not relevant in the context of this article.
Starlink revisions with the Catson CPU:
rev_rev1_pre_production
rev_rev1_production
rev_rev1_proto3
rev_rev2_proto1
rev_rev2_proto2
rev_rev2_proto3
rev_rev2_proto4
rev_rev3_proto0
rev_rev3_proto1
rev_rev3_proto2
rev_rev4_prod1
rev_rev4_prod2
rev_rev4_prod3
rev_hp1_aviation_proto0
rev_hp1_proto0
rev_hp1_proto1
rev_hp1_proto2
You can find information about all the revisions here.
Also, you can always use the Star Debug mobile app to find the exact revision of your Starlink terminal hardware:
All Catson-based Starlink terminals are using a separate security chip – STSAFE-A110.
The common misconception is that this chip is similar to a flash or EEPROM device. In reality, it is a complex component that combines a cryptographic CPU with a relatively small, protected storage area. This storage is used for certificates, while the UTID and cryptographic keys are fused (provisioned) into the chip at the factory.
This single, small chip contains everything related to the Starlink account, making it easy to transfer the account between a damaged unit and a donor device.
Also, the STSAFE chip is not bound to the CPU, eMMC flash, or firmware. It can be transferred between different Starlink hardware revisions. For example, you can move it from an older REV2 round Dishy to an HP or REV4 unit, and it will work without any issues. Let’s hope SpaceX doesn’t block this useful feature in future firmware updates (right, SpaceX guys?).
That’s all you need – just move the chip from one board to another. This effectively creates a perfect “clone” of the damaged unit. From SpaceX’s perspective, it is the same device.
No additional steps are required.
Starlink firmware accesses this chip on boot and during each network entry. Never try to swap these chips on powered and booted terminals.
Please use the Star Debug or official Starlink app to check that the donor terminal acquired the “new” UTID that belonged to the damaged unit.
⚠️ Rework the chip if you see “unknown ID” or “RF error” in the Ready states. It might be bad soldering.
Below, you will find the STSAFE location on different Starlink revisions.
The new REV4 terminal is difficult to disassemble, so it’s much easier to access the STSAFE chip by creating a window at a specific location on the case:
⚠️ The Starlink PCB has significant thermal mass, and the STSAFE pins are delicate—it’s easy to tear off the GND pin. Never apply force when removing the chip. If it isn’t “floating” and moving slightly when touched with tweezers, apply more heat using a hot air rework station and add some flux. Optimal air temperature is 390C. Don’t use a high air flow because blowing out the surrounding components is easy.
Catapult CPU family
All modern Starlink terminals, starting with the release of the Starlink Mini, are built on the new Catapult platform. The REV4 model has also transitioned from Catson to Catapult.
Starlink revisions with the Catapult CPU (as of May 2025):
rev4_catapult_prod1
mini1_prod1
mini1_prod2
mini1_prod3
Upcoming revisions:
rev4_hp_prod1
You can determine which REV4 you have by looking at the Hardware revision in Star Debug. Alternatively, you can check the KIT ID on the box. If the KIT ID contains not only numbers but also letters, it’s Catapult.
The Catapult CPU introduces additional complexity. The standalone STSAFE chip is no longer present—its functionality has been integrated into the Catapult CPU as a dedicated RISC-V core. The UTID is programmed directly into this CPU, making each Catapult CPU unique.
You might notice that the UTID on Catapult-based devices looks different and uses more symbols. This is because Catapult UTID is effectively the ID of the built-in secure RISC-V core.
Since certificates and keys are no longer stored internally, they have been moved to the eMMC flash. As a result, the Catapult CPU and eMMC now form a matched pair.
Transferring an account between Catapult devices is still possible, but moving both the CPU and eMMC chips is required. These are small BGA components, so this procedure demands advanced soldering skills and high-quality rework equipment.
Transferring an account between the Catson and Catapult platforms is, of course, not possible.
A note about Starlink firmware version
For Catson-based terminals, ensure that the donor unit’s firmware version is 2024 or later. Older firmware versions—particularly those from before late 2023—may no longer connect to the satellite and will be unable to update.
As of 2024, the terminal firmware can be updated using the official Starlink app without an internet connection. SpaceX added this feature to the firmware in early 2024, so older firmware can’t be updated from the app.
Alternatively, you can swap the eMMC chip along with the STSAFE chip to bypass issues related to outdated firmware.
For Catapult-based devices, you’re already swapping the eMMC, which carries the firmware from the damaged unit, so this issue does not apply.
—
Thanks for reading.
I hope this will help you with your repairs.
what do you meand with, . Never try to swap these chips on the fly ?
I mean on powered and booted Starlink terminal.
“As a result, the Catson CPU and eMMC now form a matched pair.” – did you mean “Catapult CPU” or am I missing something?
It was a typo. Fixed.
Thank you!