| Stage | What Happens | Tools Involved | |-------|--------------|----------------| | | The wireless interface is switched to a raw‑packet listening state (no association). | airmon-ng (or hcxdumptool with --enable_mon ) | | 2. Capture Handshake / PMKID | The tool listens for the 4‑message WPA 4‑way handshake (or the newer PMKID extraction from association frames). | airodump-ng (handshake) or hcxdumptool --pmkid (PMKID) | | 3. Verify Capture | A quick sanity check confirms that a complete handshake (EAPOL messages) or a valid PMKID is present. | aircrack-ng -J or hcxpcaptool | | 4. Convert to .hccapx | The raw capture is transformed into the hashcat‑ready format ( .hccapx ). | hcxpcaptool | | 5. Run Attack | A password list (dictionary) or a mask (pattern) is tried against the hash. GPU acceleration can speed this up dramatically. | hashcat -m 22000 (PMKID) or hashcat -m 2500 (handshake) | | 6. Result | If a matching PSK is found, hashcat outputs it. The GUI can display it or write to a log file. | hashcat |
| File / Folder | Purpose | |---------------|---------| | antiwpa.exe (x64) | Main GUI front‑end that orchestrates the workflow. | | antiwpa32.exe (x86) | 32‑bit counterpart for older Windows versions. | | aircrack-ng\* | Classic packet‑capture and cracking binaries ( airmon-ng , airodump-ng , aircrack-ng ). | | hashcat.exe | GPU‑accelerated dictionary / mask attack engine. | | hcxdumptool.exe / hcxpcaptool.exe | Modern tools to capture and convert raw Wi‑Fi frames into hashcat‑compatible .hccapx files. | | wordlists\* | Sample password dictionaries (often rockyou.txt or a smaller curated list). | | README.txt | Basic usage hints, command‑line arguments, and attribution. | | lib\* | Supporting DLLs (e.g., WinPcap / Npcap driver, OpenCL runtime). | Antiwpa-V3.4.6 For X64 And X86.zip
The GUI simply glues together the command‑line utilities, presenting a “one‑click” flow: | Stage | What Happens | Tools Involved
Typical use‑cases (legitimate) include: | airodump-ng (handshake) or hcxdumptool --pmkid (PMKID) |
