Unveiling Sensitive Data through Optical Scan Chain Probing
2025-03-18, Lecture Hall

Design for Test (DfT) techniques, such as scan chains, enhance the observability and control of a circuit’s behavior during runtime. However, these techniques also introduce significant security vulnerabilities, creating an attractive attack surface that can compromise the entire security framework of the Device under Test (DuT). As technological advancements continue and complexity grows, the dependence on DfT techniques increases to meet the accelerated time-to-market requirements of modern ICs. This creates a crucial trade-off between the testability of Integrated Circuits (ICs) and their physical security. In this study, we demonstrate that sensitive data can be extracted from registers by identifying their locations on the chip and exploiting DfT structures through optical probing—specifically targeting scan chains—even when test mode access is restricted. Additionally, we show that an obfuscated scan chain architecture can be fully reconstructed using standard tools and techniques from the Failure Analysis (FA) domain.


Topics: Non-invasive and Semi-invasive Techniques for HRE