PM3 Commands Reference (Iceman Firmware):

Main Help

---

Current command:
hf mfdes createvaluefile --help

---

Create Value file in the application. Application master key needs to be provided or flag --no-auth set (depend on application settings).

usage:
    hf mfdes createvaluefile [-hav] [-n <dec>] [-t <DES|2TDEA|3TDEA|AES>] [-k <hex>] [--kdf <none|AN10922|gallagher>]

options:
options:
    -h, --help                     This help
    -a, --apdu                     Show APDU requests and responses
    -v, --verbose                  Verbose output
    -n, --keyno <dec>              Key number
    -t, --algo <DES|2TDEA|3TDEA|AES> Crypt algo
    -k, --key <hex>                Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)
    --kdf <none|AN10922|gallagher> Key Derivation Function (KDF)
    -i, --kdfi <hex>               KDF input (1-31 hex bytes)
    -m, --cmode <plain|mac|encrypt> Communicaton mode
    -c, --ccset <native|niso|iso>  Communicaton command set
    --schann <d40|ev1|ev2|lrp>     Secure channel
    --aid <hex>                    Application ID (3 hex bytes, big endian)
    --fid <hex>                    File ID (1 hex byte)
    --amode <plain|mac|encrypt>    File access mode
    --rawrights <hex>              Access rights for file (2 hex bytes) R/W/RW/Chg, 0x0 - 0xD Key, 0xE Free, 0xF Denied
    --rrights <key0..key13|free|deny> Read file access mode: the specified key, free, deny
    --wrights <key0..key13|free|deny> Write file access mode: the specified key, free, deny
    --rwrights <key0..key13|free|deny> Read/Write file access mode: the specified key, free, deny
    --chrights <key0..key13|free|deny> Change file settings access mode: the specified key, free, deny
    --no-auth                      Execute without authentication
    --lower <hex>                  Lower limit (4 hex bytes, big endian)
    --upper <hex>                  Upper limit (4 hex bytes, big endian)
    --value <hex>                  Value (4 hex bytes, big endian)
    --lcredit <dec>                Limited Credit enabled (Bit 0 = Limited Credit, 1 = FreeValue)

examples/notes:
    --rawrights have priority over the separate rights settings.
    Key/mode/etc of the authentication depends on application settings
    hf mfdes createvaluefile --aid 123456 --fid 01 --lower 00000010 --upper 00010000 --value 00000100      -> create file with parameters. Rights from default. Authentication with defaults from `default` command
    hf mfdes createvaluefile --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0      -> create file app=123456, file=01 and mentioned rights with defaults from `default` command
    hf mfdes createvaluefile -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01      -> execute with default factory setup