Interesting attack you describe. I'll try to look more carefully at the details soon.
The cards that always respond are probably not manufactured by NXP. They seem to be cheap unlicensed MIFARE Classic clones. In this post you will find an overview of the 5 available clones that I was able to track down. [www.proxmark.org
Personally I have some Fudan FM11RF08 tags (which have this "always-answer-on-auth-failure" problem).
Maybe it is useful to know that MIFARE Classic cards only support the ISO14443A standard up to level 3 (not 4, where the ATS/ATR is described). This means that tools often simulate a (dummy) ATS for cards that do not support this. Original and clone cards are distinguishable though, let me sum up some ways.
- A genuine card will answer to a 7bits frame 0x0E (like the REQA/WUPA message), don't ask me why, but clones will not.
- You can authenticate and communicate to a clone card with incorrect parities, as long as you keep the CRC ok, you can send any parities you want. A genuine card will not accept this.
- The timing is different. The MIFARE Clones seem to be more vulnerable to timing side-channel attacks, while genuine cards are more constant in answering.
- The random number generator seems to be iterating different (slower?) on clones.
I've found more differences, let me know if you are interested in them, so I can dig them up for ya
Radboud University Nijmegen