diff --git a/rs41/rs41.c b/rs41/rs41.c
index 7ebb8e3..548fc2f 100644
--- a/rs41/rs41.c
+++ b/rs41/rs41.c
@@ -401,7 +401,7 @@ int crc16x(int start, int len) {
 int rem = 0xFFFF, i, j;
 int xbyte;
- if (start+len >= FRAME_LEN) return -1;
+ if (start+len+2 > FRAME_LEN) return -1;
 for (i = 0; i < len; i++) {
 xbyte = xorbyte(start+i);
@@ -724,16 +724,16 @@ int get_Aux() {
 // 7Exx: xdata
 while ( pos7E < FRAME_LEN && xorbyte(pos7E) == 0x7E ) {
- auxlen = xorbyte(pos_AUX+1);
- auxcrc = xorbyte(pos_AUX+2+auxlen) | (xorbyte(pos_AUX+2+auxlen+1)<<8);
+ auxlen = xorbyte(pos7E+1);
+ auxcrc = xorbyte(pos7E+2+auxlen) | (xorbyte(pos7E+2+auxlen+1)<<8);
 if (count7E == 0) fprintf(stdout, "\n # xdata = "); else fprintf(stdout, " # ");
- if ( auxcrc == crc16x(pos_AUX+2, auxlen) ) {
- //fprintf(stdout, " # %02x : ", xorbyte(pos_AUX+2));
+ if ( auxcrc == crc16x(pos7E+2, auxlen) ) {
+ //fprintf(stdout, " # %02x : ", xorbyte(pos7E+2));
 for (i = 1; i < auxlen; i++) {
- fprintf(stdout, "%c", xorbyte(pos_AUX+2+i));
+ fprintf(stdout, "%c", xorbyte(pos7E+2+i));
 }
 count7E++;
 pos7E += 2+auxlen+2;
diff --git a/rs41/rs41ecc.c b/rs41/rs41ecc.c
index 9e867dc..c1b22e9 100644
--- a/rs41/rs41ecc.c
+++ b/rs41/rs41ecc.c
@@ -401,7 +401,7 @@ int crc16x(int start, int len) {
 int rem = 0xFFFF, i, j;
 int xbyte;
- if (start+len >= FRAME_LEN) return -1;
+ if (start+len+2 > FRAME_LEN) return -1;
 for (i = 0; i < len; i++) {
 xbyte = xorbyte(start+i);
@@ -424,7 +424,7 @@ int crc16(int start, int len) {
 int rem = 0xFFFF, i, j;
 int byte;
- if (start+len >= FRAME_LEN) return -1;
+ if (start+len+2 > FRAME_LEN) return -1;
 for (i = 0; i < len; i++) {
 byte = framebyte(start+i);
@@ -447,6 +447,7 @@ int check_CRC(ui32_t pos, ui32_t pck) {
 crcdat = 0;
 if (((pck>>8) & 0xFF) != frame[pos]) return -1;
 crclen = frame[pos+1];
+ if (pos + crclen + 4 > FRAME_LEN) return -1;
 crcdat = u2(frame+pos+2+crclen);
 if ( crcdat != crc16(pos+2, crclen) ) {
 return 1; // CRC NO
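Review bot: The `+2` in the new guard of crc16x in rs41.c is unexplained. Judging from get_Aux it stands for the two CRC bytes stored after the payload, and a comment above the check such as `/* payload plus the 2 trailing CRC bytes must lie inside the frame */` would make that explicit. The -1 error return shares the int result with valid CRC values, so it is only safe while callers compare it against a value built from 16 bits; that is worth stating in the same comment. The identical guard is added to crc16x and crc16 in rs41ecc.c, and the function bodies continue outside these hunks.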
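Review bot: In get_Aux in rs41.c the loop condition guarantees only `pos7E < FRAME_LEN`, yet `xorbyte(pos7E+1)` and the two CRC bytes at `pos7E+2+auxlen` are read before crc16x applies its length check. auxlen comes straight from the received frame, so those reads can land past FRAME_LEN unless xorbyte bounds-checks its index, which is not visible here. A guard right after reading auxlen, `if (pos7E + auxlen + 4 > FRAME_LEN) break;`, together with `pos7E+1 < FRAME_LEN` in the loop condition, would keep every read inside the frame. The get_Aux hunk in rs41ecc.c (framebyte/crc16) has the same shape and needs the same guard.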
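Review bot: `frame[pos]` and `frame[pos+1]` in check_CRC are still read before the added length check, so the check protects only the `u2(frame+pos+2+crclen)` read and the crc16 call. The new call `check_CRC(pos7E, 0x7600)` in get_Aux can arrive with pos7E equal to FRAME_LEN, because the loop's else branch assigns exactly that value. That would index one past the frame if frame holds FRAME_LEN bytes (its declaration is outside the hunk). Adding `if (pos + 2 > FRAME_LEN) return -1;` ahead of the first `frame[pos]` access would close this. The function starts and ends outside this hunk.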
@@ -811,16 +812,16 @@ int get_Aux() { // 7Exx: xdata while ( pos7E < FRAME_LEN && framebyte(pos7E) == 0x7E ) { - auxlen = framebyte(pos_AUX+1); - auxcrc = framebyte(pos_AUX+2+auxlen) | (framebyte(pos_AUX+2+auxlen+1)<<8); + auxlen = framebyte(pos7E+1); + auxcrc = framebyte(pos7E+2+auxlen) | (framebyte(pos7E+2+auxlen+1)<<8); if (count7E == 0) fprintf(stdout, "\n # xdata = "); else fprintf(stdout, " # "); - if ( auxcrc == crc16(pos_AUX+2, auxlen) ) { - //fprintf(stdout, " # %02x : ", framebyte(pos_AUX+2)); + if ( auxcrc == crc16(pos7E+2, auxlen) ) { + //fprintf(stdout, " # %02x : ", framebyte(pos7E+2)); for (i = 1; i < auxlen; i++) { - fprintf(stdout, "%c", framebyte(pos_AUX+2+i)); + fprintf(stdout, "%c", framebyte(pos7E+2+i)); } count7E++; pos7E += 2+auxlen+2; @@ -828,6 +829,8 @@ int get_Aux() { else pos7E = FRAME_LEN; } + i = check_CRC(pos7E, 0x7600); // 0x76xx: 00-padding block + return count7E; }
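Review bot: The result of `check_CRC(pos7E, 0x7600)` in the last hunk is stored in `i` and, as far as the hunk shows, never read before `return count7E;`, so the padding-block CRC has no effect on what get_Aux reports. Either act on the result (for example, flag a failed check in the output) or drop the assignment and say in the comment why the call is made. As written a reader cannot tell whether ignoring the check is intentional.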