Intended solution was to use frida to hook into the checkWin method to control arguments and have a win condition. But I didn't get frida to work, so I went for the unintended solution which is to recover the encrypted flag by reusing the same methods in the apk. full writeup [here](https://blackbeard666.github.io/pwn_exhibit/content/2020_CTF/InterIUTCTF/android_jankenpon_writeup.html) (https://blackbeard666.github.io/pwn_exhibit/content/2020_CTF/InterIUTCTF/android_jankenpon_writeup.html)