TL;DR: There is enough exposed information in the app source to decrypt the flag. [Full writeup here](https://github.com/ryan-cd/ctf/tree/master/interIUT-2020/jankenpon).

Original writeup (https://github.com/ryan-cd/ctf/tree/master/interIUT-2020/jankenpon).