Need a hint with ropmev2

Hi,
I was just trying to solve ropmev2. I know it will be ROP, and with the printf leak I will calculate the libc addresses, but I have a weird thing happening.
First, I managed to calculate the eip offset to do the buffer overflow, but when I try, for example:

shell@kernel:~# gdb ./ropmev
gdb-peda > r
Starting program: /New Folder/ropmev2
Please dont hack me
DEBUG
I dont know what this is 0x7fffffffdf50
Please dont hack me
{pattern}BBBBDDDDCCCCEEEEFFFF
I expected that eip at the stack frame would be overwritten with the value BBBBDDDDCCCCEEEEFFFF, but I see really weird values like OOOOQQQQPPPPRRRRSSSS and so on, or values like ‘NNNNN’. I tried to search the binary and can't see anything happening with the input, so why does it change when it enters read()?
I need to know if it is part of the challenge or what?

Yes, it’s part of the challenge to reverse engineer the transformation. It’s not difficult.

@kernel51 said:

Hi,
I was just trying to solve ropmev2. I know it will be ROP, and with the printf leak I will calculate the libc addresses, but I have a weird thing happening.
First, I managed to calculate the eip offset to do the buffer overflow, but when I try, for example:

shell@kernel:~# gdb ./ropmev
gdb-peda > r
Starting program: /New Folder/ropmev2
Please dont hack me
DEBUG
I dont know what this is 0x7fffffffdf50
Please dont hack me
{pattern}BBBBDDDDCCCCEEEEFFFF
I expected that eip at the stack frame would be overwritten with the value BBBBDDDDCCCCEEEEFFFF, but I see really weird values like OOOOQQQQPPPPRRRRSSSS and so on, or values like ‘NNNNN’. I tried to search the binary and can't see anything happening with the input, so why does it change when it enters read()?
I need to know if it is part of the challenge or what?

Check the function which is doing this. You need to bypass that…