diff --git a/CHANGELOG.md b/CHANGELOG.md index 695e165df..11c5f9c0d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added `--override` parameter to NDEF read for overriding MAD CRC check (@iceman1001) - Added `hf saflok` commands (@stiebeljoshua) - Added `ntag_clean.lua` script for easier NTAG memory wipe (@trigat) - Changed from Bigbuf malloc to Bigbuf calloc calls on device side (@iceman1001) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 23f62ad5c..fe85b0083 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -6787,6 +6787,7 @@ static int CmdHF14AMfMAD(const char *Cmd) { bool swapmad = arg_get_lit(ctx, 5); bool decodeholder = arg_get_lit(ctx, 6); bool force = arg_get_lit(ctx, 8); + bool override = arg_get_lit(ctx, 9); int fnlen = 0; char filename[FILE_PATH_SIZE] = {0}; @@ -6874,7 +6875,7 @@ static int CmdHF14AMfMAD(const char *Cmd) { if (aidlen == 2 || decodeholder) { uint16_t mad[7 + 8 + 8 + 8 + 8] = {0}; size_t madlen = 0; - if (MADDecode(dump, dump + (0x10 * MIFARE_1K_MAXBLOCK), mad, &madlen, swapmad)) { + if (MADDecode(dump, dump + (0x10 * MIFARE_1K_MAXBLOCK), mad, &madlen, swapmad, override)) { PrintAndLogEx(ERR, "can't decode MAD"); free(dump); return PM3_ESOFT; @@ -6959,7 +6960,7 @@ static int CmdHF14AMfMAD(const char *Cmd) { if (aidlen == 2 || decodeholder) { uint16_t mad[7 + 8 + 8 + 8 + 8] = {0}; size_t madlen = 0; - if (MADDecode(sector0, sector10, mad, &madlen, swapmad)) { + if (MADDecode(sector0, sector10, mad, &madlen, swapmad, override)) { PrintAndLogEx(ERR, "can't decode MAD"); return PM3_ESOFT; } 
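Review bot: In CmdHF14AMfMAD the added `bool override = arg_get_lit(ctx, 9);` has no matching option anywhere in this diff. No hunk adds an `arg_lit0(NULL, "override", ...)` entry to that command's argtable, while CmdHFMFPMAD, CmdHFMFNDEFRead, CmdHFMFPNDEFRead and CmdNfcDecode each get one. The argtable lies outside the hunk, so this is inferred: unless index 9 already names a literal option there, the lookup reads a slot that is not an `arg_lit`, and the flag that switches off MAD validation gets an arbitrary value. Add `arg_lit0(NULL, "override", "override failed crc check"),` directly after the entry read at index 8. The function body starts and ends outside the hunk.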
@@ -7052,8 +7053,8 @@ int CmdHFMFNDEFRead(const char *Cmd) { "Prints NFC Data Exchange Format (NDEF)", "hf mf ndefread -> shows NDEF parsed data\n" "hf mf ndefread -vv -> shows NDEF parsed and raw data\n" + "hf mf ndefread -f myfilename -> save raw NDEF to file\n" "hf mf ndefread --aid e103 -k ffffffffffff -b -> shows NDEF data with custom AID, key and with key B\n" - "hf mf ndefread -f myfilename -> save raw NDEF to file" ); void *argtable[] = { @@ -7063,6 +7064,7 @@ int CmdHFMFNDEFRead(const char *Cmd) { arg_str0("k", "key", "", "replace default key for NDEF"), arg_lit0("b", "keyb", "use key B for access sectors (by default: key A)"), arg_str0("f", "file", "", "save raw NDEF to file"), + arg_lit0(NULL, "override", "override failed crc check"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); @@ -7083,6 +7085,7 @@ int CmdHFMFNDEFRead(const char *Cmd) { char filename[FILE_PATH_SIZE] = {0}; CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + bool override = arg_get_lit(ctx, 6); CLIParserFree(ctx); uint16_t ndef_aid = NDEF_MFC_AID; @@ -7131,7 +7134,7 @@ int CmdHFMFNDEFRead(const char *Cmd) { uint16_t mad[7 + 8 + 8 + 8 + 8] = {0}; size_t madlen = 0; - res = MADDecode(sector0, sector10, mad, &madlen, false); + res = MADDecode(sector0, sector10, mad, &madlen, false, override); if (res != PM3_SUCCESS) { PrintAndLogEx(ERR, "can't decode MAD"); return res; @@ -7561,7 +7564,7 @@ int CmdHFMFNDEFWrite(const char *Cmd) { // decode MAD v1 uint16_t mad[7 + 8 + 8 + 8 + 8] = {0}; size_t madlen = 0; - res = MADDecode(sector0, sector10, mad, &madlen, false); + res = MADDecode(sector0, sector10, mad, &madlen, false, false); if (res != PM3_SUCCESS) { PrintAndLogEx(ERR, "can't decode MAD"); return res; 
@@ -8441,7 +8444,7 @@ static int CmdHF14AMfView(const char *Cmd) { // decode MAD v1 uint16_t mad[7 + 8 + 8 + 8 + 8] = {0}; size_t madlen = 0; - res = MADDecode(dump, NULL, mad, &madlen, false); + res = MADDecode(dump, NULL, mad, &madlen, false, true); if (res != PM3_SUCCESS) { PrintAndLogEx(ERR, "can't decode MAD"); return res; diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index 6433bcf2e..94f1df5c9 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -1981,6 +1981,7 @@ static int CmdHFMFPMAD(const char *Cmd) { arg_lit0("b", "keyb", "Use key B for access printing sectors (def: key A)"), arg_lit0(NULL, "be", "(optional: BigEndian)"), arg_lit0(NULL, "dch", "Decode Card Holder information"), + arg_lit0(NULL, "override", "override failed crc check"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); @@ -1995,6 +1996,7 @@ static int CmdHFMFPMAD(const char *Cmd) { bool keyB = arg_get_lit(ctx, 4); bool swapmad = arg_get_lit(ctx, 5); bool decodeholder = arg_get_lit(ctx, 6); + bool override = arg_get_lit(ctx, 7); CLIParserFree(ctx); @@ -2035,7 +2037,7 @@ static int CmdHFMFPMAD(const char *Cmd) { if (aidlen == 2 || decodeholder) { uint16_t mad[7 + 8 + 8 + 8 + 8] = {0}; size_t madlen = 0; - if (MADDecode(sector0, sector16, mad, &madlen, swapmad)) { + if (MADDecode(sector0, sector16, mad, &madlen, swapmad, override)) { PrintAndLogEx(ERR, "can't decode MAD"); return PM3_EWRONGANSWER; } @@ -2140,8 +2142,8 @@ int CmdHFMFPNDEFRead(const char *Cmd) { "Prints NFC Data Exchange Format (NDEF)", "hf mfp ndefread \n" "hf mfp ndefread -vv -> shows NDEF parsed and raw data\n" + "hf mfp ndefread -f myfilename -> save raw NDEF to file\n" "hf mfp ndefread --aid e103 -k d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7 -> shows NDEF data with custom AID and key\n" - "hf mfp ndefread -f myfilename -> save raw NDEF to file" ); void *argtable[] = { 
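Review bot: The CmdHF14AMfView call `MADDecode(dump, NULL, mad, &madlen, false, true)` hard-codes the override, so viewing a dump never stops on a failed MADCheck. With the new MADDecode body it also logs "overriding crc check" on every run, including when the check passed. The dump is input the tool did not produce itself, so the code after this call should treat the decoded `mad[]` entries as unverified. If best-effort viewing is intended, state it at the call site, e.g. `// view is best-effort: decode MAD even if MADCheck fails, mad[] is unverified`, or expose the flag as the other commands do. The function body continues outside the hunk.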
@@ -2151,6 +2153,7 @@ int CmdHFMFPNDEFRead(const char *Cmd) { arg_str0("k", "key", "", "replace default key for NDEF"), arg_lit0("b", "keyb", "use key B for access sectors (by default: key A)"), arg_str0("f", "file", "", "save raw NDEF to file"), + arg_lit0(NULL, "override", "override failed crc check"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); @@ -2168,6 +2171,8 @@ int CmdHFMFPNDEFRead(const char *Cmd) { int fnlen = 0; char filename[FILE_PATH_SIZE] = {0}; CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + + bool override = arg_get_lit(ctx, 6); CLIParserFree(ctx); uint16_t ndefAID = 0xe103; @@ -2215,7 +2220,7 @@ int CmdHFMFPNDEFRead(const char *Cmd) { uint16_t mad[7 + 8 + 8 + 8 + 8] = {0}; size_t madlen = 0; - res = MADDecode(sector0, (haveMAD2 ? sector16 : NULL), mad, &madlen, false); + res = MADDecode(sector0, (haveMAD2 ? sector16 : NULL), mad, &madlen, false, override); if (res != PM3_SUCCESS) { PrintAndLogEx(ERR, "can't decode MAD"); return res; diff --git a/client/src/cmdnfc.c b/client/src/cmdnfc.c index 42e0ab9a6..639d28145 100644 --- a/client/src/cmdnfc.c +++ b/client/src/cmdnfc.c @@ -83,6 +83,7 @@ static int CmdNfcDecode(const char *Cmd) { arg_param_begin, arg_str0("d", "data", "", "NDEF data to decode"), arg_str0("f", "file", "", "file to load"), + arg_lit0(NULL, "override", "override failed crc check"), arg_lit0("v", "verbose", "verbose output"), arg_param_end }; @@ -96,7 +97,8 @@ static int CmdNfcDecode(const char *Cmd) { char filename[FILE_PATH_SIZE] = {0}; CLIParamStrToBuf(arg_get_str(ctx, 2), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); - bool verbose = arg_get_lit(ctx, 3); + bool override = arg_get_lit(ctx, 3); + bool verbose = arg_get_lit(ctx, 4); CLIParserFree(ctx); if (((datalen != 0) && (fnlen != 0)) || ((datalen == 0) && (fnlen == 0))) { PrintAndLogEx(ERR, "You must provide either data in hex or a filename"); 
@@ -141,7 +143,7 @@ static int CmdNfcDecode(const char *Cmd) { uint8_t ndef[4096] = {0}; uint16_t ndeflen = 0; - if (convert_mad_to_arr(tmp, bytes_read, ndef, &ndeflen) != PM3_SUCCESS) { + if (convert_mad_to_arr(tmp, bytes_read, ndef, &ndeflen, override) != PM3_SUCCESS) { PrintAndLogEx(FAILED, "Failed converting, aborting..."); free(dump); return PM3_ESOFT; diff --git a/client/src/mifare/mad.c b/client/src/mifare/mad.c index eae149a4c..2a5b72703 100644 --- a/client/src/mifare/mad.c +++ b/client/src/mifare/mad.c @@ -198,16 +198,17 @@ int MADCheck(uint8_t *sector0, uint8_t *sector16, bool verbose, bool *haveMAD2) return PM3_EINVARG; uint8_t GPB = sector0[(3 * 16) + 9]; - if (verbose) + if (verbose) { PrintAndLogEx(SUCCESS, "GPB....... " _GREEN_("0x%02X"), GPB); + } // DA (MAD available) - if (!(GPB & 0x80)) { + if ((GPB & 0x80) == 0x00) { PrintAndLogEx(ERR, "DA = 0! MAD not available"); return PM3_ESOFT; } - uint8_t mad_ver = GPB & 0x03; + uint8_t mad_ver = (GPB & 0x03); if (verbose) PrintAndLogEx(SUCCESS, "Version... " _GREEN_("%d"), mad_ver); @@ -228,12 +229,14 @@ int MADCheck(uint8_t *sector0, uint8_t *sector16, bool verbose, bool *haveMAD2) if (mad_ver == 2 && sector16) { int res2 = madCRCCheck(sector16, true, 2); - if (res == PM3_SUCCESS) + if (res == PM3_SUCCESS) { res = res2; + } - if (verbose && !res2) + if (verbose && !res2) { PrintAndLogEx(SUCCESS, "CRC8...... 0x%02X ( %s )", sector16[0], _GREEN_("ok")); } + } // MA (multi-application card) if (verbose) { 
@@ -245,15 +248,20 @@ int MADCheck(uint8_t *sector0, uint8_t *sector16, bool verbose, bool *haveMAD2) return res; } -int MADDecode(uint8_t *sector0, uint8_t *sector16, uint16_t *mad, size_t *madlen, bool swapmad) { +int MADDecode(uint8_t *sector0, uint8_t *sector16, uint16_t *mad, size_t *madlen, bool swapmad, bool override) { *madlen = 0; bool haveMAD2 = false; int res = MADCheck(sector0, sector16, false, &haveMAD2); - if (res != PM3_SUCCESS) { + + if (res != PM3_SUCCESS && override == false) { PrintAndLogEx(WARNING, "Not a valid MAD"); return res; } + if (override) { + PrintAndLogEx(INFO, "overriding crc check"); + } + // 7 + 8 == 15 for (int i = 1; i <= 16; i++) { mad[*madlen] = madGetAID(sector0, swapmad, 1, i); @@ -472,7 +480,7 @@ int DetectHID(uint8_t *d, uint16_t manufacture) { return -1; } -int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen) { +int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen, bool override) { if (in == NULL || out == NULL || ilen == 0) { return PM3_EINVARG; @@ -494,7 +502,7 @@ int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen) uint16_t mad[7 + 8 + 8 + 8 + 8] = {0}; size_t madlen = 0; - if (MADDecode(sector0, sector16, mad, &madlen, false)) { + if (MADDecode(sector0, sector16, mad, &madlen, false, override)) { PrintAndLogEx(ERR, "can't decode MAD"); return PM3_ESOFT; } diff --git a/client/src/mifare/mad.h b/client/src/mifare/mad.h index 1da097527..320c80453 100644 --- a/client/src/mifare/mad.h +++ b/client/src/mifare/mad.h 
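Review bot: In MADDecode the new condition `res != PM3_SUCCESS && override == false` lets the override skip every MADCheck failure, not only a CRC mismatch. The MADCheck hunks above show it also returning `PM3_EINVARG` and failing on "DA = 0! MAD not available", and all of these are now ignored when the flag is set. That is wider than the help text "override failed crc check" promises, and it reaches file-supplied data through convert_mad_to_arr in CmdNfcDecode. The "overriding crc check" message is also printed whenever the flag is set, even if nothing failed. I would keep argument errors fatal and log a warning only when a check was actually bypassed, as sketched below. Longer term MADCheck should report a CRC failure separately from the other failures, and `override` deserves a comment on the prototype in mad.h.

```c
int res = MADCheck(sector0, sector16, false, &haveMAD2);

if (res != PM3_SUCCESS) {
    // argument errors from MADCheck are never overridable
    if (override == false || res == PM3_EINVARG) {
        PrintAndLogEx(WARNING, "Not a valid MAD");
        return res;
    }
    // reached only when a check failed and the caller asked to continue
    PrintAndLogEx(WARNING, "MAD check failed, continuing because override is set");
}

// … unchanged: AID copy loop …
```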
@@ -22,7 +22,7 @@ #include "common.h" int MADCheck(uint8_t *sector0, uint8_t *sector16, bool verbose, bool *haveMAD2); -int MADDecode(uint8_t *sector0, uint8_t *sector16, uint16_t *mad, size_t *madlen, bool swapmad); +int MADDecode(uint8_t *sector0, uint8_t *sector16, uint16_t *mad, size_t *madlen, bool swapmad, bool override); int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMAD2); int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose); int MADDFDecodeAndPrint(uint32_t short_aid, bool verbose); @@ -30,5 +30,5 @@ int MADCardHolderInfoDecode(uint8_t *data, size_t datalen, bool verbose); void MADPrintHeader(void); bool HasMADKey(uint8_t *d); int DetectHID(uint8_t *d, uint16_t manufacture); -int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen); +int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen, bool override); #endif // _MAD_H_ diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index e5d8d2474..4c4554d08 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -767,7 +767,8 @@ typedef struct { #define CMD_HF_MFU_OTP_TEAROFF 0x0740 // MFU_Ev1 Counter TearOff #define CMD_HF_MFU_COUNTER_TEAROFF 0x0741 - +#define CMD_HF_MFU_ULC_CHKKEYS 0x0742 +#define CMD_HF_MFU_ULAES_CHKKEYS 0x0743 #define CMD_HF_SNIFF 0x0800