Updated: January 2025
Current command:
hf mfdes createmacfile --help
Create Transaction MAC file in the application. Application master key needs to be provided or flag --no-auth set (depend on application settings).

usage:
    hf mfdes createmacfile [--kdf <none|AN10922|gallagher>]

options:
    -h, --help                              This help
    -a, --apdu                              Show APDU requests and responses
    -v, --verbose                           Verbose output
    -n, --keyno <dec>                       Key number
    -t, --algo <DES|2TDEA|3TDEA|AES>        Crypt algo
    -k, --key <hex>                         Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)
    --kdf <none|AN10922|gallagher>          Key Derivation Function (KDF)
    -i, --kdfi <hex>                        KDF input (1-31 hex bytes)
    -m, --cmode <plain|mac|encrypt>         Communicaton mode
    -c, --ccset <native|niso|iso>           Communicaton command set
    --schann <d40|ev1|ev2|lrp>              Secure channel
    --aid <hex>                             Application ID (3 hex bytes, big endian)
    --isoid <hex>                           Application ISO ID (ISO DF ID) (2 hex bytes, big endian)
    --fid <hex>                             File ID (1 hex byte)
    --amode <plain|mac|encrypt>             File access mode
    --rawrights <hex>                       Access rights for file (2 hex bytes) R/W/RW/Chg, 0x0 - 0xD Key, 0xE Free, 0xF Denied
    --rrights <key0..key13|free|deny>       Read file access mode: the specified key, free, deny
    --wrights <key0..key13|free|deny>       Write file access mode: the specified key, free, deny
    --rwrights <key0..key13|free|deny>      Read/Write file access mode: the specified key, free, deny
    --chrights <key0..key13|free|deny>      Change file settings access mode: the specified key, free, deny
    --no-auth                               Execute without authentication
    --mackey <hex>                          AES-128 key for MAC (16 hex bytes, big endian). (def: all zeros)
    --mackeyver <hex>                       AES key version for MAC (1 hex byte). (def: 0x0)

examples/notes:
    --rawrights have priority over the separate rights settings.
    Key/mode/etc of the authentication depends on application settings
    Write right should be always 0xF. Read-write right should be 0xF if you not need to submit CommitReaderID command each time transaction starts

    hf mfdes createmacfile --aid 123456 --fid 01 --rawrights 0FF0 --mackey 00112233445566778899aabbccddeeff --mackeyver 01
        -> create transaction mac file with parameters. Rights from default. Authentication with defaults from `default` command

    hf mfdes createmacfile --aid 123456 --fid 01 --amode plain --rrights free --wrights deny --rwrights free --chrights key0 --mackey 00112233445566778899aabbccddeeff
        -> create file app=123456, file=01, with key, and mentioned rights with defaults from `default` command

    hf mfdes createmacfile -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01
        -> execute with default factory setup. key and keyver == 0x00..00

    hf mfdes createmacfile --isoid df01 --fid 0f --schann lrp -t aes --rawrights 0FF0 --mackey 00112233445566778899aabbccddeeff --mackeyver 01
        -> create transaction mac file via lrp channel

    hf mfdes createmacfile --isoid df01 --fid 0f --schann lrp -t aes --rawrights 0F10 --mackey 00112233445566778899aabbccddeeff --mackeyver 01
        -> create transaction mac file via lrp channel with CommitReaderID command enable
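
The --rawrights encoding and the notes above, turned into a pre-flight check to run before issuing the command. This is an added Python example, not part of the Proxmark3 client; the function names are hypothetical, and treating the all-zero default --mackey as a finding is this example's own assumption.

```python
# Added example: decode --rawrights and review Transaction MAC file settings.
# Nibble order R/W/RW/Chg and the 0x0-0xD / 0xE / 0xF meanings are taken
# from the help text above; nothing here talks to a reader or a card.

def decode_nibble(n):
    """Map one access-rights nibble to the name used by --rrights etc."""
    if n <= 0xD:
        return f"key{n}"
    return "free" if n == 0xE else "deny"

def decode_rawrights(hexstr):
    """Split the 2-byte rawrights value into read/write/readwrite/change."""
    raw = bytes.fromhex(hexstr)
    if len(raw) != 2:
        raise ValueError("rawrights must be exactly 2 hex bytes")
    nibbles = [raw[0] >> 4, raw[0] & 0xF, raw[1] >> 4, raw[1] & 0xF]
    names = ("read", "write", "readwrite", "change")
    return dict(zip(names, map(decode_nibble, nibbles)))

def review_macfile(rawrights, mackey_hex="00" * 16):
    """Return (decoded rights, findings) for a planned createmacfile call.

    mackey_hex defaults to all zeros, matching the documented default.
    """
    rights = decode_rawrights(rawrights)
    key = bytes.fromhex(mackey_hex)
    if len(key) != 16:
        raise ValueError("mackey must be 16 bytes (AES-128)")
    findings = []
    # Note from the help text: write right should always be 0xF.
    if rights["write"] != "deny":
        findings.append(f"write right is {rights['write']}, expected deny (0xF)")
    # Note from the help text: RW != 0xF means CommitReaderID is needed
    # each time a transaction starts (informational, may be intended).
    if rights["readwrite"] != "deny":
        findings.append(f"CommitReaderID required, gated by {rights['readwrite']}")
    # Assumption of this example: the documented all-zero default is a
    # publicly known value and should not reach a production card.
    if key == bytes(16):
        findings.append("mackey is the all-zero default")
    return rights, findings

if __name__ == "__main__":
    # Constructed inputs mirroring the rawrights values in the examples above.
    for rr in ("0FF0", "0F10"):
        print(rr, review_macfile(rr, "00112233445566778899aabbccddeeff"))
```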