You could try glitching it with the latest B0D unlocker.
Blockers are only bugcatchers and the sole function of glitching is to remove bugcatchers hence you can pretty much always glitch your way into a Rom11 card by one means or another.
Nozzer this is not true of many of the public domain blockers (such as the B09 image that is doing the rounds) as it has a bugcatcher protecting against writes to codespace hooked in on the write-or-erase-eeprom routine (unless its writing #$30 into numbugs, the backdoor/freespace flag or date on cam).
The B0D script could be easily adapted to use a payload that bypasses this routine alltogether, or such that it sets numbugs from 34 to 30 before setting it to zero.
The B09 blocker has a password hooked in on the classA0 bug command number D8 with the Bk as the password, this toggles numbugs between 34 (6900) and 30 (9000). When set at 30 the codespace protection is off and the B0D script can finish the job if the card still isnt readable.
Also the code indicated that it would allow writes if BDK0 was in ram, so I dont understand how so many people are having problems. Guess its just people using blockers they havent got a clue about.
This B09 blocker is missing part of the code (where its been crudely adapted from another provider I would guess) and contains no real EMM handling routines - I wouldnt touch it with a barge pole lol.
I did a disasm of it somewhere when it first surfaced, cant remember where I posted it now though lol.
Of course it may be that this blocker is something else entirely, lol.
edcase