Bestand wählen
Merken

DPRK Consumer Technology

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
and and
the and
the Democratic People's Republic of Korea as most of you know it North Korea is a topic which is already following as ed Congress for 4 years it all started at in the steady 1 C 3 with lists God 1 of our speakers today giving a talk of rights teaching computer science in and North Korea the topic was then down on by Fernando know any class them just who talked about the red star S and also the tablet PC called wooden the today we will hear the next episode we will hear by consumer electronics and North Korea we will take a peek behind the curtain learn about the Internet and so is my current market situation there I speak yesterday I would start as security post doc and as well as his friend gave Edwards security consultant and they will give us a peek behind the thickness curtain yeah so please let come will engage with a big round of applause Thank you for being here already thank thank you I agree so I just just to put this in perspective right 1 of the disclaimers is that the words they get used especially on this topic often have a lot of meaning that there there is a a uh a reason that that will be calling this DPRK or create throughout that's that's often the word you hear a people who are dealing with engagement with the country on North Korea is the term that the country does not call itself but rather is what typically more adversarial countries used to talk about it as an occupying presents so so that that that language is is this would work that exist here so that we're going to talk some about white consumer technology looks like and how it's evolving and what's going on there I think we're pretty about this I want to start by by setting a little bit of of context from this is that the science technology complex that opened in 2015 but it's it's an island in a river to the South Side of young it's still in the main city so there was a pretty major construction project it went on for about a year before they openness in the lobby they've got this nice diorama of of what the building looks like and it actually this is the rest of the lobby it looks pretty modern they they have this sort of pastel scheme that you actually see a lot in in modern architectural construction there so so if you go into the new water park or be on the boat restaurant that they've the last couple years to the same design styling this building is hard science museum that has a bunch of sort of interactive and exploratory exhibits that you might have a class of of children come through to learn but it also has lecture halls them and it also has a library and when you look at parts of it are at the library you see
a ton of computers all right this this is a technically there there there is technology here and and the thing that is really I think fascinating and revealing about where we are in terms of our understanding of this country is you look at these
computers and yet again we see this thing that doesn't look familiar but this isn't red star but it's not quite anything that looks like the tablets we've seen that's that's a desktop monitor and it's not Windows or Mac it's yet again something new and in fact you know playing with this you find that it is but it's right that's that's been put in this custom does all it has a keyboard and mouse but by but it's got an Android task bar at the top to let you know what apps are there and it's yet another they have special case to customize the distribution that works for this purpose so I think we and for each 1 of these that maybe we have seen there's there's many more that we have the so I want to just get us at a speed on what we do know to start with because we've seen red star this is version 3 it came out 3 years ago or that that we learned about WordStar version 3 this this thing that sort of Mac-like there's actually a couple other versions that ended up on the internet that we know stuff about and we we have at some level a better picture of what the desktop technology looks like we've we've seen version 2 . 5 which looks somewhat Windows-like but there's been a release of the server version that that run some of the web servers and from the country and then 2 years ago a fluorine the classes talk but they actually went in and did a bunch of analysis of that along with on the internet that been blog posts of other people who follow posted CDs of various bugs that they found in this so I figured out how to make a run on the external Internet by changing firewall rules and and really just like learning a lot about but the environment that this thing was working in and the properties of we have a bit less on the mobile site so this
is what a story in in Korea and in Kenya and sort of looks like there's a lot of summer left tablets and phones on the right of for sale but we gotta talk last year again from from the class and then Florian about that will tablet and I think that's actually I we on the 2nd row of in this picture and and we got a sense of some of the information controls there in particular right so so what they talked about was so how this thing prevent some types of file copies and transferring the and some of those sort of surveillance things that are built into it and but again we can get too much in terms of hard work that divide our teeth into finally there's this like next layer up the software ecosystem this is an
app store again in Korea and you go to a place and they have nice this is this is a nice 1 where they've got pictures so I can see which games is that are for sale that open and put this in my device into a computer and transfer apse onto the device and so we get all of this and then we have mostly anecdotes they're they're helping us sort of gets small pictures and I think the real
problem right is that all these devices this is an example of a few no and and we really I think are quite far behind and having that bar lowered for people to play and understand what these things are so I want what I want to do to like try and explain that situation that were in is is talk about why were there and the different sort of general groups of where these devices and up but I realize that that's talk about motives and that is often like the way that you get people mad at you know if you try describes the motivation to them that they disagree with so realize that these events broad strokes and not really indicative of everyone but but this gives you some sense of why we still ended up in this world of not knowing much publicly and maybe there's a quote from this is from conventional that's that's relevant and and and so as you know uh Koreans are quite intelligent people and and even in computer acknowledging we itself I think this is something that we may be don't appreciate when we're thinking about this and it is rational for creates not want this stuff to come out right they are worried about adversarial governments trying to leverage whatever they can but it seems rational that it's in their best interest to make it difficult for the stuff to get out and for people to be able to attack them with and that's what we've seen in you know against the threat model well implemented in a copy control and and other sort of limitations on the on the devices in terms of foreigners who have access to these devices I think there's sort of 2 classes what we saw in the talk last year but was a device that came out through a defector group out so you've got someone who left with this device and now is trying to figure out what what's on it and that is this adversarial relationship where the goal there is to do damage to the country and so there's much more value in having 0 days than there is in releasing this because then the security fixed and so you'll see that you know for any device that comes out there there's really the sensitivity both in terms of not like to identify people but also in both we find anything that's like we want to be able to to do something with it I think in fact there's many more devices that don't come out that way but that are held by foreigners who are working constructively with the country and for them the river the reason is somewhat different and I think the reason for them is that in many cases that they're worried about sort of the unknown unknowns of could someone get in trouble will this result in my connection to the country getting disrupted of the people I like and work with getting in trouble for having given me the device that have been done something reckless with right so we can see from like a bunch of individual perspective why we don't have more of this technology out there but we can also understand that you know as the public the this creates this weird thing where world fast and they don't have access and and and that I think also in the spirit of you know for Korea this is a great because the bugs going hatch and they don't get a better security the so this is the electronic goods store at the airport which somewhat counter-intuitively doesn't actually sell the tablets to foreigners but they do have some of what we're what we're going to talk about for the rest of this talk is in after that but I guess where were served putting out on the web so called computer create computer centered on Aug and we're we're going to try and release a bit more of this technology am going to talk through the 3 initial things that were going to put up there that we help people play with and this is in this spirit that this we think this makes like better than both of for Korea and for the outside world for Korea the same thing I was just saying I think you get better security in the long run we we think as a community understand the value of open source software and having many eyes on it and find bugs we've already seen that on the artifact that have got now but for us I I think it's a great chance to so to to do 2 things 1 1 it for the understanding of more consistently so we actually understand what is going on in the country and can make use of rational policy decisions at some high level but it's also fascinating and we get to preserve this anthropological artifact of this really amazing parallel development that has created that that exists of of what technology is like in Korea so In that spirit of all it's about what's coming out of some of this I think that is showing up on the BitTorrent links that are on this site is preconditioner adored as we speak the 1st is a phone image uh there's a system partition and a partition of recovery for this phone up opinion to 407 and the sun was chosen because it's made by a Chinese OEM urgently and which also creates the same hardware but in Indian model so if you've got a friend in India at least you can get the genie out of the 5 it's exactly the same hardware and so these images can load onto 1 of these phones and then you will also be able to run this operating system and so rather than just doing static analysis of what's there you can actually see how that fits together and what actually happens and how it works so that it does shut down when a SIM card from a different operated at point and all these sorts of things and so this is this is just I guess I'll say the the basic phones system it doesn't include but most apps but it's got a bunch of that sort of operating system Mobile copy controls you can get your hands on the the red star protection things that were talked about last year and the 2nd thing is that for apps we're going to try something a little bit older this is this Mg and tablet which is 1 of the 1st tablets that they came out in 2011 2012 error so this was sort of at the beginning of a tree is sort of introduction of widespread consumer electronics so got circulated quite a bit it was a larger run of devices than many of them and it in fact so widespread that there's there's 1 of these devices in the stanford library and so I guess the other thing of stresses these devices are out there and it's a matter of making sure that we're releasing these in way where it's just like this is software but were not necessarily getting anyone in particular in trouble because these devices we know on a bunch of places and then the attribution becomes part of that point for anyone to like lose lose contacted in trouble and so there's there's a basic set of APs on the come there but uh this these are some of the icons that a nice 1 that has a bunch of recipes so that the thing I'll say about these but these were made for the specific device and this is the thing that you'll see I think throughout all the software you actually take a look at it and and so there's a lot of hard coded path so as well as the AP case themselves you'll find that of the reference things that they expect to be in specific parts of the SD card others files are included but it's unlikely that if you just copy APK on two-way entered phone no it will not be able to show you much content of so it would be awesome if someone who enjoys small I once the total sum have so that this can look for internal resources instead of and lowered the bar for the so the more people play I think the other thing that's interesting here is pretty much all of these apps use their own specific binary format that's like that again this totally new thing worth like someone discounted sum to lead a 1 off thing and but with
and the final thing is we're going to release a bunch of educational materials that to sort of end up on these devices education is 1 of the big purposes right you're you're giving these to the the children and teenagers who were especially excited about technology and 1 of the useful things that they can do is use that for for the coccygeal on in in getting acidic yes there's sort of like a usable but we we ended up having to do some work on a turnover to gave to explain for the process we went through in getting this this last set of the the textbooks but that there gonna come up you think of some so basically when I got involved with this situation as far as the textbooks was that we had a quite a few these files and the 2 things you could tell on the surface of 1 is that the kind PDF files based on the farm and and and some of them have titles in an English or Korean that suggest what's inside but I would assume a screen is not we saw because none of these files were 20 years so is that of sort of custom DRM that's been applied these files from industry rudimentary but done it accident a remarkably decent job of what we think it was designed for which is that of the textbooks that come with words become with or the added to 1 device some are of the will to be accessed on a different effects and is also he told the VCF files out of the device and some of its country and don't readable now 1 thing I will say is that we know from from the previous talks on red star that developers in and for the DPRK have implemented actual ATS like encryption this is not that it's fairly basic and we did find some intervals and and so on all but what we did so well in these files from the 1st noticed is that they don't have the after the 1st invites have this reference for this gentle reference anyway to what might you date in little-endian format so this might be either december 1st order falls in 1978 uh if you have any idea what that means to less notice for countries the next thing is that when we started to look the devices because we also had the the applications that read these files um 1 of them has a hard coded reference to those 1st 4 bytes and so when you look at what that application was about find this is at called utk . and regard reader which if you go to the Google Play Store is just a commercially available on the if Frederick the but it's not really because it's been modified to implement the and the deer and that really yeah so basically we took the view the copy of the reader that's available online and 1 2 copies of the devices and compare them we find that the application calls out to a shared library 1 wants to possibly a file and the library looks kind of like this these are the all sections of the file and it's true really normal when you look at the copy that on spondee DPRK from the inverse of the act this is 1 section added that kind of jumps out but it's literally called . modified so when you look into what's in that section of we see something like this and this is really not to be legible some of these sources of text and because it's difficult for mom but we have the original D. compiled code on the left and the DPRK version on the right In the 2 things I just wanna highlight our at the top and the original function that that would be feeling a buffer to read the file has been replaced by stuff that calls this sort of custom method in the modified section and this version that's over modified section those basically the exact same thing except in 1 case it will I'm call another function that doesn't decryption and there's some other things as well a modified section this is just 1 example of from now the reason that this is kind interesting to us is that it really shows us that these modifications were not made by someone who had source code like this is kind of crazy low-level like crazy but again it's it's really low-level modification of the binary itself so when you look into those functions are they do um will research finding is that the shared library modified version of a shared library has this 512 bytes had some which basically gets used all over again as part of the decryption process and when things about it is that for different files you will start using it at a different point and there's also a four-way key destined for every file which comes from a combination of a few bytes in the file header itself and a per-device key so that per-device key on is kind of interesting so they're taking will the the day you want for Mikey and the generating it out of 86 might MAC address in the code of the kind looks like this this is us reaffirming it and go some will read things about it is that some of these devices may not actually have useful MAC addresses so in some cases and that addresses using is actually just a are value in a file of all the time when it reads these addresses this really just reading some code or some of some text of that system ETC MAC address file so if you have a key and the processing is really simple and you take that you on subtract some of the bytes ones marked of Y and then you get your for quite restrictive and the point in the ad that I mentioned for the so concerning after is just that same value empowerment interpreted as integer solve because that's the length of the fat and in all the examples we looked at Chorus 1st we detail these headers only had some pieces for like 1 device but looking at the decay of the compiled code it looks like it might be possible to have what 1 file that can be triggered by multiple different devices that we just haven't actually seen a file that was like that so the way that actually does decryption army is byte-by-byte and this is a simplified view of what's going on we're releasing a tool that will do this for clean has all the details and but cannot show what you're doing is using a little bit of math to figure out where you are starting from for all these operations and then for each lighting unit script you take your a contribute by you subtract 1 of the profile lights and then you things around with whether by from that fight for had so the cool thing about this from my point of view is that this process is fully reversible so if you don't know your profile the but you do know what that plain text should look like you can run this backwards and going to do again so what if you just get a bunch of these files and you have no device it
came from and you just want to look at them I cannot do it like this it's really good to you are mutually brute force all the potential of positions to starting from which is 1 of the many many because that is not very big on it's kind of plaintext attack and on plain text matter a PDF file always looks like % ideas and there's a version of so you take 4 bytes you calculate the profile the that you need to come to make that crypt 2 % yes and you take the same profile key and you see that would be able to decode the next section to arm lovers number and line up the voluntarily and so is on this for all of the is also we found and on the C 1 of plaintext for all things 1 of the things we noticed after detecting these files is that many of them have water marks the end so if we look back to some of the torques on the rights ROS from past years and fluorine and because did some work on understand what's the water markets and what you want full details look at those talks about to summarize it of every time the File passes through desktop systems of someone to follow this modified the US had space which have could form of the your memory no 1 really files you want to sort of obscure the origins and that any particularly for the trouble so we remove all always watermarks before releasing these and that's reasonable because the way that this works a PDF files is just that there's a known line of text in the file that represents the PDF and rights are always quantities what I'm at the end so we just top chop off the so what you have is we have like over 300 files of really different things and we can look at some of them but we're going be releasing accord with all them and we really like to see what people come up with a just means that that's the used in these files we have noticed kind yeah we had like a quick look at some of them we don't lie don't speak Korean you know some of this probably more to be found in the archive so we could look at a couple of examples of things we found the this many different kinds of books on these devices many of them are like science books there's general-purpose knowledge gives textbooks but because we want understand on the state of technology in in the DPRK from the part that's most interesting to us right now your science textbooks so look to the examples we have our this Java Programming book and this can decide they've got some possum covers and really needed and some of them are we 100 back to will talk to talk with the analysis of what we we found in these these books and sort of where they came from people yeah so may be another quote from from from journals appropriate saying that we need to be aware of the information technology industry and we need to meet the needs of the and this information technology industry and so I think 1 of the things that they comes out of these text books that that I think is sort of interesting in this is 1 of the 1st benefit is that this can help us understand sort of where create is in terms of how much emphasis its placing on this aspect but for a lot of all the educational materials they seem to be organically created they seem to be about the specific environment there's a lot of the training kids how use red star various versions of the you see that the text many of them are or are translated or follow what the curriculum and a layout of of for natural material that been translated but so for some of the ones where we could identify what the original source was that we tried to calculate how long taken because direction surprise sometimes this was a pretty quick so I'll show this waterfall graph but each of these bars represents 1 book and some of the titles at the bottom there quite small and the the Y axis is the year the bottom is when the original English version that was used seem to come out and and the topic is when the translation was released and so what's interesting here is you see worth of given the same year sometimes a couple years of throughout this whole period of of 2000 to 2010 where they're putting up a bunch of effort into taking the 400 500 page books of the the torrent of these textbooks is for some gigs and and doing good translations fairly quickly but the these are like solid translations that code examples have been often change there's comments in Korean in there I think this is this is 0 that's or whatever that we should be understanding and I think maybe partially sort of fills this gap of like what is this disconnect between this very isolated country and the fact that it has a really strong of a computer at capability Call of 10 and I just want to sort of give an anecdote that maybe a goes to the other side of this anthropological value that we get out of the sort of work on so you've heard about Kwong me on this is the internal network Internet and and so from the educational textbooks you start to get I think more insight into sort of how this thing has progressed over over time but here's pictures from 2001 and apologize for quality this was what was there of of an early version of poignant 5 . 1 of which looks sort of like a well it was a dial-up application so that would get you documents and information you also see at that same time that there was an e-mail of lesser of corresponding app called case on so I think I got the pronunciation up to that and that was used for string we've heard that there was a messaging system we didn't really have that connected to the sort of where that fit into the puzzle of a picture that seems to be that seem to be neutral network ended up on the South Korean Internet around 2005 and they got reuse by anonymous in 2013 when they claimed to attack the Korean government services but but then sort of that that turned out to be false and that was this original to us and 5 post that someone made that seems to be a similar system and even in that doesn't 5 post so they they had sort of also the web component that's the same logo in the upper left as as they moved to serve a website that we've now seen evolved it's worth noting here require young is a single site it's a service for generally technical document retrieval argues that same site now up to the 2010 era of looking a little bit nicer at least higher quality than in the picture and and so I think what we're sorry to do is we're getting these insights through through seeing some of these more documents coming out about what this internal ecosystem actually looks like there are these these services that we can start to link over time understand what sorts of files are available in the specialties of these different groups and and and preserve some of this info network that you know in this fairly unstable environment where and danger of losing but to bring us up to current time
this is from 2015 this sort of blurry picture from a link office Correa links the mobile telephony provider and
to call out that they now have a same set of services on a poster advertising mobile service with internal to them and so we're seeing now that this is being introduced at a wider availability and advertise to people on their mobile devices or moving beyond just wire desktop connections but this is now a thing that more people are going to have access to on personal devices and and so I think you know internally were in this really exciting transitionary phase I I I am I'm happy that that more of this ends up in public so there is the sacred computer center it should already have some links more will show very soon so if you are interested we encourage you to go grab that stuff try and make it the Barlow or not if you have DPRK artifacts are info at the computer center work would love to talk to you on public's of safe and get more stuff out of 4 of the Convention but I think we or about the time where you commit thickness not so that we will take questions across the hall in the 2 rooms I think you know what to do with the in a way
that it is and the the the the fished that at the
Bit
Wasserdampftafel
Klasse <Mathematik>
Formale Sprache
Interaktives Fernsehen
EDV-Beratung
Unrundheit
Kombinatorische Gruppentheorie
Term
Komplex <Algebra>
Internetworking
Perspektive
Programmbibliothek
Informatik
NP-hartes Problem
Konstruktor <Informatik>
Computersicherheit
Gebäude <Mathematik>
Strömungsrichtung
Mailing-Liste
Nummerung
Kontextbezogenes System
Quick-Sort
Explorative Datenanalyse
Rechter Winkel
Offene Menge
Mereologie
Grundsätze ordnungsmäßiger Datenverarbeitung
Tablet PC
Wort <Informatik>
Distributionstheorie
Bit
Web log
Firewall
Klasse <Mathematik>
Versionsverwaltung
Computerunterstütztes Verfahren
Bildschirmfenster
Term
Lie-Gruppe
Übergang
Internetworking
Task
Benutzerbeteiligung
Bildschirmfenster
Analysis
App <Programm>
Kategorie <Mathematik>
Mobiles Internet
Schlussregel
Humanoider Roboter
Quick-Sort
Programmfehler
Einheit <Mathematik>
Tablet PC
Gamecontroller
Server
Programmierumgebung
NP-hartes Problem
App <Programm>
Klasse <Mathematik>
Wärmeübergang
Computer
Elektronische Publikation
Term
Quick-Sort
Spieltheorie
Rechter Winkel
Software
Datentyp
Tablet PC
Information
Speicher <Informatik>
Humanoider Roboter
Gewichtete Summe
Netzwerktopologie
Skript <Programm>
E-Mail
App <Programm>
Dicke
Hardware
Sichtenkonzept
Datentyp
Schlüsselverwaltung
Computersicherheit
Mobiles Internet
Inverse
Profil <Aerodynamik>
Dichte <Stochastik>
Ausnahmebehandlung
Ereignishorizont
Entscheidungstheorie
Garbentheorie
Menge
Rechter Winkel
Ordnung <Mathematik>
Fehlermeldung
Subtraktion
Hash-Algorithmus
Klasse <Mathematik>
Mathematisierung
Digital Rights Management
Chiffrierung
Informationsmodellierung
Arithmetische Folge
Perspektive
Flächentheorie
Netzbetriebssystem
Programmbibliothek
Disjunktion <Logik>
Attributierte Grammatik
Analysis
Soundverarbeitung
Materialisation <Physik>
Open Source
Graphiktablett
Binder <Informatik>
Elektronische Publikation
Partitionsfunktion
Chipkarte
Programmfehler
Meter
Gamecontroller
Wiederherstellung <Informatik>
Wort <Informatik>
Resultante
Sensitivitätsanalyse
Bit
Punkt
Prozess <Physik>
Adressraum
Gruppenkeim
Versionsverwaltung
Kartesische Koordinaten
Computer
Übergang
Eins
Wechselsprung
Einheit <Mathematik>
Prozess <Informatik>
Chiffre
Umwandlungsenthalpie
Nichtlinearer Operator
Lineares Funktional
Kryptologie
Quellcode
Bildschirmsymbol
Chiffrierung
Funktion <Mathematik>
Ganze Zahl
Dateiformat
Garbentheorie
Schlüsselverwaltung
Web Site
Schaltnetz
E-Mail
Term
Code
Hydrostatik
Puffer <Netzplantechnik>
Benutzerbeteiligung
Software
Adressraum
Binärdaten
Digital Rights Management
Inverser Limes
Speicher <Informatik>
Softwareentwickler
Bildgebendes Verfahren
Touchscreen
Einfach zusammenhängender Raum
Physikalisches System
Quick-Sort
Rationale Zahl
Tablet PC
Mereologie
Verbandstheorie
Information Retrieval
Vektorpotenzial
Bit
Natürliche Zahl
Applet
Versionsverwaltung
Kartesische Koordinaten
Computer
Raum-Zeit
Internetworking
Homepage
Richtung
Eins
Kryptologie
Minimum
Translation <Mathematik>
E-Mail
Gerade
App <Programm>
Dichte <Stochastik>
Schlüsselverwaltung
Datennetz
Kryptologie
Systemaufruf
Profil <Aerodynamik>
Quellcode
Dienst <Informatik>
Forcing
Rechter Winkel
Festspeicher
Garbentheorie
Information
Schlüsselverwaltung
Programmierumgebung
Zeichenkette
Fitnessfunktion
Aggregatzustand
Subtraktion
Web Site
Wellenpaket
Ortsoperator
Wasserdampftafel
Zahlenbereich
E-Mail
Term
Chiffrierung
Benutzerbeteiligung
Zusammenhängender Graph
Optimierung
Analysis
Elektronische Publikation
Graph
Materialisation <Physik>
Physikalisches System
Elektronische Publikation
Quick-Sort
Packprogramm
Moment <Stochastik>
Mereologie
Elektronisches Wasserzeichen
Einfach zusammenhängender Raum
Konvexe Hülle
Mobiles Internet
Computer
Inverter <Schaltung>
Binder <Informatik>
Service provider
Quick-Sort
Office-Paket
Dienst <Informatik>
Hardware-in-the-loop
Emulation
Menge
Einheit <Mathematik>
MIDI <Musikelektronik>
Hill-Differentialgleichung
Information
Phasenumwandlung
Gammafunktion
Hypermedia
Medianwert
Systemprogrammierung

Metadaten

Formale Metadaten

Titel DPRK Consumer Technology
Untertitel Facts to fight lore
Serientitel 34th Chaos Communication Congress
Autor Scott, Will
Edwards, Gabe
Lizenz CC-Namensnennung 4.0 International:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
DOI 10.5446/34915
Herausgeber Chaos Computer Club e.V.
Erscheinungsjahr 2017
Sprache Englisch

Inhaltliche Metadaten

Fachgebiet Informatik
Abstract The DPRK has largely succeeded at hiding its consumer technology. While versions of the desktop operating system, Red Star, have leaked, the mobile equivalent hasn't, and there remains little knowledge of the content available on the intranet. Let's fix that!
Schlagwörter Security

Zugehöriges Material

Video wird in der folgenden Ressource zitiert

Ähnliche Filme

Loading...
Feedback