TLDR: It's a JSON serializer, you can enter something like: {1337:"aaaaa"} to get to a string comparison part with EEPROM data. You can use this side channel to leak 32 bytes of EEPROM which contains the flag.

Full writeup