lockdownd is a daemon that provides system information to clients using liblockdown.dylib, e.g. the IMEI, UDID, etc. Every information provided by lockdownd can be obtained via other means, e.g. the IMEI can be found using IOKit. The only advantage of using lockdownd is it has root privilege, hence avoiding having to assume super user.
See also LibMobileGestalt.dylib (which you should use if you need a device's UDID).
Non-default information of lockdownd is stored in the data ark as a dictionary in /var/root/Library/Lockdown/data_ark.plist. The keys are represented as domain-key, e.g. com.apple.mobile.iTunes.store-AppleID.
lockdownd communicates with its clients via a UNIX socket /var/run/lockdown/localcomm with SSLv3 encryption. The contents exchanged are encoded property lists. Clients will initiate an action with a plist message like this:
Request = action; ProtocolVersion = "2"; Label = execName; Domain = domain; Key = key; ...
Server may response with
Error = errMsg; Value = value; ...
lockdownd understands the following actions:
The UDID is not an internal property. It is computed with this formula:
|“||UDID = SHA1(SerialNumber + IMEI + WiFiAddress + BluetoothAddress)||”|
where "+" means string concatenation. For iPod Touch 1G (iPod1,1), WiFiAddress is always 00:00:00:00:00:00 in this formula. If any of these values are missing (e.g. there is no IMEI in iPods), they will be treated as an empty string.
On the Verizon iPhone 4 and all currently available A5 devices it is instead computed with this formula:
|“||UDID = SHA1(SerialNumber + ECID + LOWERCASE(WiFiAddress) + LOWERCASE(BluetoothAddress))||”|