Apple - How to decrypt shared WiFi passwords?

The summary answer is that the password doesn't need to be passed as the authentication can take advantage of a derived value that combines the SSID and the passphrase into a longish hexadecimal string (or value since everything is a number in the end) and stores that. You would need to reverse engineer or crack that intentional one way process to remove the password component of the end product.

Here is an article that describes your question.

Alright, for example here is the password I used: SomeSnazzyPassphrase! And here it is in the keychain after iOS shares it to a Mac CEAF1EE4F3050D25F2EF057A66CFD4570559C95656450407136347B75960255E

Before we understand how to reverse it, we must understand how we got there.

First of all we're using a program called wpa_passphrase, which is used in combination of your SSID and Passphrase, to generate that long encoded string.

This is how we obtained the large "password" above: wpa_passphrase <ssid> [passphrase]
For example wpa_passphrase MySSID SomeSnazzyPassphrase!
And we have the PSK hashed created to be CEAF1EE4F3050D25F2EF057A66CFD4570559C95656450407136347B75960255E

Now as wpa_supplicant uses an AES-based cipher, reversing that isn't going to be easy. In fact, I'm just going to go out on a limb and say it's practically impossible.