An open source implementation of the grantor role in Apple’s Wi-Fi Password Sharing protocol.
OpenWifiPass is experimental software and is the result of reverse engineering efforts by the Open Wireless Link project. The code serves solely documentary and educational purposes. It is untested and incomplete. For example, the code does not verify the identity of the requestor. So, do not use this implementation with sensitive Wi-Fi credentials. OpenWifiPass is not affiliated with or endorsed by Apple Inc.
Hardware: Bluetooth Low Energy radio, e.g., Raspberry Pi 4
OS: Linux (due to the
Clone this repository and install it:
git clone [email protected]/seemoo-lab/openwifipass.git
pip3 install ./openwifipass
openwifipass to share Wi-Fi credentials (
PSK) with any requestor (we need super user privileges to use the Bluetooth subsystem):
sudo -E python3 -m openwifipass --ssid <SSID> --psk <PSK>
Use quoting of your shell to remove special meaning of certain characters in
PSK. In the example below, we use single quotes (
') to prevent shell expansion of the
$ character in the PSK.
A successful run of the protocol would look as follows:
[email protected]:~/openwifipass $ sudo -E python3 -m openwifipass --ssid OWL --psk '$uper$ecretPassword'
SSID match in PWS advertisement from aa:bb:cc:dd:ee:ff
Connect to device aa:bb:cc:dd:ee:ff
Wi-Fi Password Sharing completed
This projects contains a reusable OPACK (de)serializer. Read OPACK.md for more information.
- Jannik Lorenz
- Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick. Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi. 30th USENIX Security Symposium (USENIX Security ’21), August 11–13, 2021, Vancouver, B.C., Canada. To appear.
- Jannik Lorenz. Wi-Fi Sharing for All: Reverse Engineering and Breaking the Apple Wi-Fi Password Sharing Protocol. Bachelor thesis, Technical University of Darmstadt, March 2020.