I'm having issues moving a mifare plus s 2K card into sl3. The personalization was done and the card is now in SL1, all the keys have been written in blocks 0x4000-0x403f, 0x9000-0x9003.
I'm issuing a RATS command to enter t=cl protocol and then a firstauth to 0x9003. I'm correctly getting a challenge from the card, a 16 byte rndB, which I decrypt and rotate.
However, after I issue a following auth with rndA and rndB' the card returns:
00 00 0b 01 06 90 00 instead of rndA' and the rest of needed information.
(using an omnikey, so the first 4 bytes are two zeroes, a PCB and CID and then return code 6).
From what I can see, this error means that the block does not exist or the access conditions are not fulfilled. Might this be an error in how I compose rndA|rndB'? Or is there something else I must do first?