diff --git a/client/emv/cmdemv.c b/client/emv/cmdemv.c
index 7922bc616..a42002c60 100644
--- a/client/emv/cmdemv.c
+++ b/client/emv/cmdemv.c
@@ -1661,6 +1661,12 @@ int CmdEMVRoca(const char *cmd) {
 		
 		PrintAndLogEx(INFO, "ICC pk modulus: %s", sprint_hex_inrow(icc_pk->modulus, icc_pk->mlen));
 		
+		
+		uint8_t key[] = "944e13208a280c37efc31c3114485e590192adbb8e11c87cad60cdef0037ce99278330d3f471a2538fa667802ed2a3c44a8b7dea826e888d0aa341fd664f7fa7";
+		if (emv_rocacheck(key, 64)) 
+				PrintAndLogEx(INFO, "DEMO ICC pk is vulnerable by roca.");
+		
+		
 		//	icc_pk->exp, icc_pk->elen
 		//	icc_pk->modulus, icc_pk->mlen
 		if (icc_pk->elen > 0 && icc_pk->mlen > 0) {
diff --git a/client/emv/emv_roca.c b/client/emv/emv_roca.c
index 2aaa10875..42bcce6db 100644
--- a/client/emv/emv_roca.c
+++ b/client/emv/emv_roca.c
@@ -84,6 +84,7 @@ bool emv_rocacheck(const unsigned char *buf, size_t buflen) {
 
 	MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary(&t_modulus, buf, buflen) );
 	
+	mbedtls_mpi g_one;
 	mbedtls_mpi_init(&g_one);
 	MBEDTLS_MPI_CHK( mbedtls_mpi_read_string(&g_one, 10, "1") );
 	
@@ -92,7 +93,6 @@ printf("--p:%d\n", i);
 
 		mbedtls_mpi t_temp;
 		mbedtls_mpi t_prime;
-		mbedtls_mpi g_one;
 		
 		mbedtls_mpi_init(&t_temp);
 		mbedtls_mpi_init(&t_prime);