preface

It would be very troublesome to manually open the reinforcement software every time and then reinforce it again. Therefore, we can customize Gradle plug-in to help us do it automatically. Here I use 360 reinforcement, and 360 reinforcement provides us with a command line help document as follows

-login <username> login <360 username> <password> < login password> -importsign <keystore_path> import signature information <key path> <keystore_password> < key password> <alias> <alias_password> <alias password> -importMulpkg <mulpkg_filepath> Import multi-channel configuration information, TXT format -showsign Displays the configured signature information -showmulpkg Displays the configured multi-channel information -deletemulpkg Clears the configured multi-channel information -help displays the help information -config Configures hardening options -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- an optional enhanced service -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - [- crashlog] [crash log analysis] [- x86] [- analyse] x86 support 】 【 【 】 strengthening data analysis [- nocert] [skip the signature verifier] [piracy] - [piracy monitoring] -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- advanced reinforcement options -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - [- VMP] [the VMP protection] [data] - [Local data file protection] [-assets] [Resource file protection] [-Filecheck] [File integrity verification] [-ptrace] [Ptrace Anti-injection] [-so] [so file protection] [-dex2c] [dex2c protection] [-string_obfus] [-dex_shadow] [-so_private] [-so_private] [-double_check] -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - config_so configuration needs to be reinforced SO file, Space delimited - config_ASSETS Resource files to be ignored for configuration, space delimited - config_SO_private SO files for configuration of anti-theft, -version displays the current version. -update to the latest version. -jiagu <inputAPKpath> hardening commands <APK path> <outputPath> <outputPath> [-autosign] [-autosign] [-automulpkg] [-pkgParam Mulpkg_filepath]Copy the code

Implementation steps

1. New Module

Let’s create a new Module called JiaguPlugin

2. Adjust the build. Gradle

Adjust build.gradle to look like this (here I developed using Kotlin)

plugins { id 'java-library' id 'kotlin' id 'maven' } java { sourceCompatibility = JavaVersion.VERSION_1_8 targetCompatibility = JavaVersion.VERSION_1_8 } repositories { mavenCentral() } dependencies { implementation "Org. Jetbrains. Kotlin: kotlin - stdlib: $kotlin_version" implementation ". Com. Android tools. Build: gradle: 2 "/ / android plugin Implementation gradleApi() implementation localGroovy()} group=' com.itfit.plugin UploadArchives {repositories {mavenDeployer{repository(URL: uri('.. /Plugins')) } } }Copy the code

3. Create the Plugin class

Create a JiaguPlugin class

package com.itfitness.jiaguplugin

import org.gradle.api.Plugin
import org.gradle.api.Project

class JiaguPlugin:Plugin<Project>{
    override fun apply(project: Project) {

    }
}
Copy the code

Then create the Resources directory and create the plug-in’s configuration file

The content of the configuration file is as follows:


implementation-class=com.itfitness.jiaguplugin.JiaguPlugin

Copy the code

4. Write the Plugin

The extension we created here is called Jiagu, which is just like the Android extension in build.gradle

class JiaguPlugin:Plugin<Project>{ override fun apply(project: Project) {// Get the parameters in the configuration (corresponding to jiagu{} in build.gradle app) val jiaguParams = project.extensions.create("jiagu",JiaguParams::class.java) } }Copy the code

The parameters in our extension are those in JiaguParams

Open class JiaguParams{var jiaguJarFilePath = "" // Jar package path var userName:String = "" // Account used to log in to 360 var password:String = "" // Password for logging in to 360 var keystorePath:String = "" // Key file path var keystorePassword:String = "" // Key file password var alias:String = "" Var aliasPassword:String = "" // aliasPassword}Copy the code

2) Add listener Add a callback after reading configuration information

class JiaguPlugin:Plugin<Project>{ override fun apply(project: Project) {// Get the parameters in the configuration (corresponding to jiagu{} in build.gradle app) val jiaguParams = Project. Extensions. The create (" jiagu, "JiaguParams: : class. Java) / / read after the configuration of the monitoring project. AfterEvaluate { println(jiaguParams.userName) } } }Copy the code

We then uploaded our plugin to the Maven repository, which is the Task that executed build.gradle. Here I uploaded the plugin to the Plugins folder of the project

We then import it in the build.gradle file of the project

Then do the following configuration in your app’s build.gradle file

Plugins {id 'com. Android. Application' id 'kotlin - android application / / reinforcement plug-in id' com. Itfitness. Jiaguplugin '} jiagu {userName 'Test account'}Copy the code

We synchronized and found that printing the following information proves that our plug-in works

3) Add the apK reinforcement Task. Here we use AppExtension to get the path of the output APK and then create the Task dynamically (for example, the default debug and release will create two tasks).

class JiaguPlugin:Plugin<Project>{ override fun apply(project: Project) {// Get the parameters in the configuration (corresponding to jiagu{} in build.gradle app) val jiaguParams = Project. Extensions. The create (" jiagu, "JiaguParams: : class. Java) / / read after the configuration of the monitoring project. AfterEvaluate {/ / get the android {} the configuration in val AppExtension = project. Extensions. GetByType (appExtension: : class. Java) / / read applicationVariants appExtension.applicationVariants.all { applicationVariant-> applicationVariant.outputs.all { output-> // Dynamically create tasks related to the output name (e.g. debug and release by default, and more if there are multi-channel packages), The last two arguments are project.tasks.create("jiagu" +) required by JiaguTask's constructor output.name,JiaguTask::class.java,output.outputFile,jiaguParams) } } } } }Copy the code

The task class JiaguTask is as follows:

open class JiaguTask @Inject constructor( val apkFile: File, val jiaguParams: JiaguParams ) : Group = "jiagu"} @taskAction fun jiagu(){ It.com mandLine (" Java ", "- the jar," jiaguParams. JiaguJarFilePath, "- the login," jiaguParams. The userName, jiaguParams. Password)} / / import signature file  project.exec { it.commandLine("java","-jar",jiaguParams.jiaguJarFilePath,"-importsign", JiaguParams keystorePath, jiaguParams keystorePassword, jiaguParams. Alias, jiaguParams. AliasPassword)} / / for reinforcement, And automatic signature project. The exec {it.com mandLine (" Java ", "- the jar," jiaguParams. JiaguJarFilePath, "- jiagu," apkFile.absolutePath,apkFile.parent,"-autosign") } } }Copy the code

4) Configure hardening information we configure our hardening information in the build.gradle file

Jiagu {userName 'your 360 account' password 'your 360 account password' jiaguJarFilePath 'D:\ Program Files (x86)\\ 360Jiagubao_windows_64 \\jiagu\\jiagu.jar' // Here fill in your own fortified JAR file location keystorePath ".. /testjks.jks" keystorePassword "testjks" alias "testjks" aliasPassword "testjks" }Copy the code

First of all, let’s make a project and generate apK file

Then we perform the hardening task, and since this is the hardened DEBUG version of APK, we perform the JiaguDebug task

After execution, we see a hardened APK generated in the same directory as the source APK