diff --git a/CHANGELOG.md b/CHANGELOG.md
index c898dd201..c46c7e37e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/).
 Please use this to write notable changes, which is not the same as git commit log...
 ## [unreleased][unreleased]
+- Fixed `hf mf sim` not to respond to authentication attempts for sectors out of bound for selected Mifare type (@piotrva)
 - Added option to build against non-default python3 with CMake as well (@doegox)
 - Added option to build against non-default python3 with Makefile (@ANTodorov)
 - Changed `hf 14a info` `hf mf info` - now detects FM1216-137 CPU cards (@iceman1001)
diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c
index a10956d61..aa93e8770 100644
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@@ -184,6 +184,20 @@ static bool IsAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) {
     }
 }
+static uint8_t MifareMaxSector(uint16_t flags) {
+    if (IS_FLAG_MF_SIZE(flags, MIFARE_MINI_MAX_BYTES)) {
+        return MIFARE_MINI_MAXSECTOR;
+    } else if (IS_FLAG_MF_SIZE(flags, MIFARE_1K_MAX_BYTES)) {
+        return MIFARE_1K_MAXSECTOR;
+    } else if (IS_FLAG_MF_SIZE(flags, MIFARE_2K_MAX_BYTES)) {
+        return MIFARE_2K_MAXSECTOR;
+    } else if (IS_FLAG_MF_SIZE(flags, MIFARE_4K_MAX_BYTES)) {
+        return MIFARE_4K_MAXSECTOR;
+    } else {
+        return MIFARE_4K_MAXSECTOR;
+    }
+}
+
 static bool MifareSimInit(uint16_t flags, uint8_t *uid, uint16_t atqa, uint8_t sak, tag_response_info_t **responses, uint32_t *cuid, uint8_t *uid_len, uint8_t **rats, uint8_t *rats_len) {
     uint8_t uid_tmp[10] = {0};
@@ -464,6 +478,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
     uint8_t cardWRBL = 0;
     uint8_t cardAUTHSC = 0;
+    uint8_t cardMaxSEC = MifareMaxSector(flags);
     uint8_t cardAUTHKEY = AUTHKEYNONE; // no authentication
     uint32_t cardRr = 0;
     uint32_t ans = 0;
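Review bot: In MifareMaxSector the `else if (IS_FLAG_MF_SIZE(flags, MIFARE_4K_MAX_BYTES))` branch and the trailing `else` both return `MIFARE_4K_MAXSECTOR`, so the 4K test is dead and the fallback does not read as deliberate. That fallback matters because `cardMaxSEC` is the bound that later refuses authentication to out-of-range sectors: a caller that sets no size flag silently gets the widest (4K) layout, i.e. the least restrictive check, which may be what existing callers expect but should be stated rather than implied. I would drop the 4K branch and end the chain with `/* no or unknown size flag: fall back to the widest layout (4K), the most permissive bound */` `return MIFARE_4K_MAXSECTOR;`, plus a one-line header such as `// Number of sectors of the simulated card, derived from the size bit in flags.`. Whether `MIFARE_*_MAXSECTOR` is a sector count or the highest valid index is not visible here, and the header comment should say which, since the `>=` comparison added in Mifare1ksim is only correct for a count.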
@@ -769,6 +784,14 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
                 if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] KEY %c: %012" PRIx64, (cardAUTHKEY == 0) ? 'A' : 'B', emlGetKey(cardAUTHSC, cardAUTHKEY));
+                // sector out of range - do not respond
+                if (cardAUTHSC >= cardMaxSEC) {
+                    cardAUTHKEY = AUTHKEYNONE; // not authenticated
+                    cardSTATE_TO_IDLE();
+                    if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] Out of range sector %d(0x%02x)", cardAUTHSC, cardAUTHSC);
+                    break;
+                }
+
                 // first authentication
                 crypto1_deinit(pcs);
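Review bot: The new out-of-range guard is placed after the `Dbprintf(... emlGetKey(cardAUTHSC, cardAUTHKEY))` line, so at DBG_EXTENDED the emulator-memory key lookup is still performed with the unvalidated sector before the guard rejects it; whether emlGetKey bounds-checks its sector argument is not visible here, and the lookup should simply not happen. Move the whole `if (cardAUTHSC >= cardMaxSEC) { ... break; }` block above that debug print so the sector is validated before any use of it. The `>=` comparison is right only if `MIFARE_*_MAXSECTOR` is a sector count rather than the highest valid index; a short comment on the guard, e.g. `// cardMaxSEC is a sector count, so the last valid sector is cardMaxSEC - 1`, would pin that down for the next reader. Mifare1ksim, and the state-machine case this code sits in, begin and end outside the hunk, so how cardAUTHSC is derived from the request cannot be checked from here.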