Updated: January 2025
Current command:
hf mfdes createapp --help
Create application. Master key needs to be provided. usage: hf mfdes createapp [--kdf <none|AN10922|gallagher>] options: -h, --help This help -a, --apdu Show APDU requests and responses -v, --verbose Verbose output -n, --keyno <dec> Key number -t, --algo <DES|2TDEA|3TDEA|AES> Crypt algo -k, --key <hex> Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes) --kdf <none|AN10922|gallagher> Key Derivation Function (KDF) -i, --kdfi <hex> KDF input (1-31 hex bytes) -m, --cmode <plain|mac|encrypt> Communicaton mode -c, --ccset <native|niso|iso> Communicaton command set --schann <d40|ev1|ev2|lrp> Secure channel --rawdata <hex> Raw data that sends to command --aid <hex> Application ID for create. Mandatory. (3 hex bytes, big endian) --fid <hex> ISO file ID. Forbidden values: 0000 3F00, 3FFF, FFFF. (2 hex bytes, big endian) --dfname <string> ISO DF Name (1..16 chars) --dfhex <hex> ISO DF Name as hex (1..16 bytes) --ks1 <hex> Key settings 1 (1 hex byte). Application Master Key Settings (def: 0x0F) --ks2 <hex> Key settings 2 (1 hex byte). (def: 0x0E) --dstalgo <DES|2TDEA|3TDEA|AES> Application key crypt algo (def: DES) --numkeys <dec> Number of keys 0x00..0x0e (def: 0x0E) --no-auth Execute without authentication examples/notes: option rawdata have priority over the rest settings, and options ks1 and ks2 have priority over corresponded key settings KeySetting 1 (AMK Setting, ks1): 0: Allow change master key. 1 - allow, 0 - frozen 1: Free Directory list access without master key 0: AMK auth needed for GetFileSettings and GetKeySettings 1: No AMK auth needed for GetFileIDs, GetISOFileIDs, GetFileSettings, GetKeySettings 2: Free create/delete without master key 0: CreateFile/DeleteFile only with AMK auth 1: CreateFile/DeleteFile always 3: Configuration changeable 0: Configuration frozen 1: Configuration changeable if authenticated with AMK (default) 4-7: ChangeKey Access Rights 0: Application master key needed (default) 0x1..0xD: Auth with specific key needed to change any key 0xE: Auth with the key to be changed (same KeyNo) is necessary to change a key 0xF: All Keys within this application are frozen KeySetting 2 (ks2): 0..3: Number of keys stored within the application (max. 14 keys) 4: ks3 is present 5: Use of 2 byte ISO FID, 0: No, 1: Yes 6..7: Crypto Method 00: DES|2TDEA, 01: 3TDEA, 10: AES, 11: RFU Example: 2E = with FID, DES|2TDEA, 14 keys 6E = with FID, 3TDEA, 14 keys AE = with FID, AES, 14 keys hf mfdes createapp --rawdata 5634122F2E4523616964313233343536 -> execute create by rawdata hf mfdes createapp --aid 123456 --fid 2345 --dfname aid123456 -> app aid, iso file id, and iso df name is specified hf mfdes createapp --aid 123456 --fid 2345 --dfname aid123456 --dstalgo aes -> with algorithm for key AES