Is there any reliable/known way to check that there is a lockout on faulty auths? I know brute-forcing 8 bytes is logically stupid in this case due to auth physical timing to the card, because even with dumb luck for one tag its not repeatable. I was hoping there is some way to do this many times similar to how hard-nested attack found a way to only do a portion of the auth sequence to get the data necessary, maybe there are some bytes that come that wouldn't normally when a correct key is provided...I guess I need to read the specs and try and see if anything is possible.
if the tag is locked well you won't know if it has the lockout after x faulty auths turned on or not. (the info cmd would tell you if it can read it.)