diff --git a/build/javacard/applet.cap b/build/javacard/applet.cap
index 06b52a63ec37bf213fa54e506d0fcfe9c850f12a..d05649ca6de668f988ded59df67fe5681f4d6663 100644
Binary files a/build/javacard/applet.cap and b/build/javacard/applet.cap differ
diff --git a/build/javacard/applet.exp/vku2f.jar b/build/javacard/applet.exp/vku2f.jar
index fc51ae630dc86e9e2f00f0664223558f6b277445..c6b0b53dd6b90bb4a548f24c5643ec643926f740 100644
Binary files a/build/javacard/applet.exp/vku2f.jar and b/build/javacard/applet.exp/vku2f.jar differ
diff --git a/build/javacard/applet.jca b/build/javacard/applet.jca
index eb8f2a456fc8c8e8ff21c619136db7b0499940e2..04fd4f3a7f0aa91a4a8671b2bebcdd32b73fbcf4 100644
--- a/build/javacard/applet.jca
+++ b/build/javacard/applet.jca
@@ -1,5 +1,5 @@
 // converted by version  [v3.0.5]
-// on Mon Jun 13 23:42:38 CST 2022
+// on Tue Jun 14 00:10:57 CST 2022
 
 .package com/josh/vku2f {
 	.aid 0xA0:0x0:0x0:0x6:0x47;
@@ -3828,16 +3828,27 @@
 		}
 
 		.method private getPuKxRx(Ljavacard/framework/APDU;S)V {
-			.stack 5;
+			.stack 6;
 			.locals 0;
 
 			.descriptor	Ljavacard/framework/APDU;	2.10;
 
-				L0:	getfield_a_this 34;		// reference com/josh/vku2f/CTAP2.idSecret
+				L0:	getfield_a_this 19;		// reference com/josh/vku2f/CTAP2.dataBuffer
+					sconst_1;
+					getfield_a_this 20;		// reference com/josh/vku2f/CTAP2.scratch
+					sconst_0;
+					sload_2;
+					sconst_1;
+					ssub;
+					invokestatic 355;		// javacard/framework/Util.arrayCopy([BS[BSS)S
+					pop;
+					getfield_a_this 34;		// reference com/josh/vku2f/CTAP2.idSecret
 					new 184;		// com/josh/vku2f/DomString
 					dup;
-					getfield_a_this 19;		// reference com/josh/vku2f/CTAP2.dataBuffer
+					getfield_a_this 20;		// reference com/josh/vku2f/CTAP2.scratch
 					sload_2;
+					sconst_1;
+					ssub;
 					invokespecial 185;		// com/josh/vku2f/DomString.<init>([BS)V
 					putfield_a 37;		// reference com/josh/vku2f/IDSecret.IDx
 					getfield_a_this 23;		// reference com/josh/vku2f/CTAP2.cborEncoder
diff --git a/src/main/java/com/josh/vku2f/CTAP2.java b/src/main/java/com/josh/vku2f/CTAP2.java
index c69c2d8cb4abfff69f21d61d2e68373345668703..95bf704e69c0683e0cbd00362ebc546bc442506f 100644
--- a/src/main/java/com/josh/vku2f/CTAP2.java
+++ b/src/main/java/com/josh/vku2f/CTAP2.java
@@ -420,7 +420,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
         keyAgreement.generateSecret(idSecret.PuKp, (short)0, (short)65, idSecret.sharedSecret, (short)0);
 
         idSecret.initAesKey();
-        idSecret.encryptCx();// this line will crash this applet
+        idSecret.encryptCx();
 
         cborEncoder.init(dataBuffer, (short)0, (short)1200);
         cborEncoder.startArray((short)2);