Apart from our typical application penetration testing engagements, clients sometimes come to us looking to test the resiliancy of various security mechanisms they want to apply to their applications. This was the case a few weeks ago when one of our larger clients approached us and asked us to test a copy protection, DRM solution for one of their Android applications.
Attacking copy protection is usually a combination of both static and dynamic analysis. This includes looking at the reverse-engineered source code to figure out how the copy protection worked and to find any encryption keys, as well as, watching the application transform into the unencrypted version.
Our first step was to reverse engineer the target .apk file using dex2jar and JD-GUI to see the obfuscation.