PM3 Commands Reference (Iceman Firmware):

Updated: January 2025

Main Help

Up One Level

---

Current command:
hf mfdes changekey --help

---

Change PICC/Application key. Needs to provide keynum/key for a valid authentication (may get from default parameters).

usage:
    hf mfdes changekey [--kdf <none|AN10922|gallagher>]

options:
    -h, --help                     This help
    -a, --apdu                     Show APDU requests and responses
    -v, --verbose                  Verbose output
    -n, --keyno <dec>              Key number
    -t, --algo <DES|2TDEA|3TDEA|AES> Crypt algo
    -k, --key <hex>                Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)
    --kdf <none|AN10922|gallagher> Key Derivation Function (KDF)
    -i, --kdfi <hex>               KDF input (1-31 hex bytes)
    -m, --cmode <plain|mac|encrypt> Communicaton mode
    -c, --ccset <native|niso|iso>  Communicaton command set
    --schann <d40|ev1|ev2|lrp>     Secure channel
    --aid <hex>                    Application ID of application (3 hex bytes, big endian)
    --isoid <hex>                  Application ISO ID (ISO DF ID) (2 hex bytes, big endian).
    --oldalgo <DES|2TDEA|3TDEA|AES> Old key crypto algorithm
    --oldkey <old key>             Old key (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)
    --newkeyno <dec>               Key number for change
    --newalgo <DES|2TDEA|3TDEA|AES> New key crypto algorithm
    --newkey <hex>                 New key (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)
    --newver <hex>                 Version of new key (1 hex byte)

examples/notes:
    Change crypto algorithm for PICC key is possible,
    but for APP keys crypto algorithm is set by createapp command and can't be changed wo application delete
    
    hf mfdes changekey --aid 123456        -> execute with default factory setup. change des key 0 in the app 123456 from 00..00 to 00..00
    hf mfdes changekey --isoid df01 -t aes --schann lrp --newkeyno 01        -> change key 01 via lrp channelhf mfdes changekey -t des --newalgo aes --newkey 11223344556677889900112233445566 --newver a5      -> change card master key to AES one
    hf mfdes changekey --aid 123456 -t aes --key 00000000000000000000000000000000 --newkey 11223344556677889900112233445566     -> change app master key
    hf mfdes changekey --aid 123456 -t des -n 0 --newkeyno 1 --oldkey 5555555555555555 --newkey 1122334455667788      -> change key 1 with auth from key 0
    hf mfdes changekey --aid 123456 -t 3tdea --newkey 112233445566778899001122334455667788990011223344                -> change 3tdea key 0 from default 00..00 to provided