Back to MCP Servers

Jadx Ai

JADX-AI-MCP is a plugin and MCP Server for the JADX decompiler that integrates directly with Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude.

securityaillm
By zinja-coder
2.4k224Updated 1 month agoJavaApache-2.0

Installation

npx -y jadx-ai-mcp

Configuration

{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "npx",
      "args": ["-y", "jadx-ai-mcp"]
    }
  }
}

How to use

  1. Run the installation command above (if needed)
  2. Open your Claude Code settings file (~/.claude/settings.json)
  3. Add the configuration to the mcpServers section
  4. Restart Claude Code to apply changes
<div align="center">

JADX-AI-MCP (Part of Zin MCP Suite)

⚡ Fully automated MCP server + JADX plugin built to communicate with LLM through MCP to analyze Android APKs using LLMs like Claude — uncover vulnerabilities, analyze APK, and reverse engineer effortlessly.

GitHub contributors JADX-AI-MCP GitHub contributors JADX-MCP-SERVER GitHub all releases GitHub release (latest by SemVer) Latest release Java 11+ Python 3.10+ License

⭐ Contributors

Thanks to these wonderful people for their contributions ⭐

<table> <tr align="center"> <td> <a href="https://github.com/ljt270864457"> <img src="https://avatars.githubusercontent.com/u/8609890?v=4" width="30px;" alt=""/> <br /><sub><b>ljt270864457</b></sub> </a> </td> <td> <a href="https://github.com/p0px"> <img src="https://avatars.githubusercontent.com/u/161268024?v=4" width="30px;" alt=""/> <br /><sub><b>p0px</b></sub> </a> </td> <td> <a href="https://github.com/bx33661"> <img src="https://avatars.githubusercontent.com/u/138348615?v=4" width="30px;" alt=""/> <br /><sub><b>bx33661</b></sub> </a> </td> <td> <a href="https://github.com/Haicaji"> <img src="https://avatars.githubusercontent.com/u/132796021?v=4" width="30px;" alt=""/> <br /><sub><b>Haicaji</b></sub> </a> </td> <td> <a href="https://github.com/mostafaNazari702"> <img src="https://avatars.githubusercontent.com/u/93077724?v=4" width="30px;" alt=""/> <br /><sub><b>Mostafa Nazari</b></sub> </a> </td> <td> <a href="https://github.com/ChineseAStar"> <img src="https://avatars.githubusercontent.com/u/24355243?v=4" width="30px;" alt=""/> <br /><sub><b>ChineseAStar</b></sub> </a> </td> <td> <a href="https://github.com/cyal1r"> <img src="https://avatars.githubusercontent.com/u/33282478?v=4" width="30px;" alt=""/> <br /><sub><b>cyal1</b></sub> </a> </td> <td> <a href="https://github.com/badmonkey7"> <img src="https://avatars.githubusercontent.com/u/41368882?v=4" width="30px;" alt=""/> <br /><sub><b>badmonkey7</b></sub> </a> </td> <td> <a href="https://github.com/tiann"> <img src="https://avatars.githubusercontent.com/u/4233744?v=4" width="30px;" alt=""/> <br /><sub><b>tiann</b></sub> </a> </td> <td> <a href="https://github.com/ZERO-A-ONE"> <img src="https://avatars.githubusercontent.com/u/18625356?v=4" width="30px;" alt=""/> <br /><sub><b>ZERO-A-ONE</b></sub> </a> </td> <td> <a href="https://github.com/neoz"> <img src="https://avatars.githubusercontent.com/u/360582?v=4" width="30px;" alt=""/> <br /><sub><b>neoz</b></sub> </a> </td> <td> <a href="https://github.com/SamadiPour"> <img src="https://avatars.githubusercontent.com/u/24422125?v=4" width="30px;" alt=""/> <br /><sub><b>SamadiPour</b></sub> </a> </td> <td> <a href="https://github.com/wuseluosi"> <img src="https://avatars.githubusercontent.com/u/192840340?v=4" width="30px;" alt=""/> <br /><sub><b>wuseluosi</b></sub> </a> </td> <td> <a href="https://github.com/CainYzb"> <img src="https://avatars.githubusercontent.com/u/50669073?v=4" width="30px;" alt=""/> <br /><sub><b>CainYzb</b></sub> </a> </td> <td> <a href="https://github.com/tbodt"> <img src="https://avatars.githubusercontent.com/u/5678977?v=4" width="30px;" alt=""/> <br /><sub><b>tbodt</b></sub> </a> </td> <td> <a href="https://github.com/LilNick0101"> <img src="https://avatars.githubusercontent.com/u/100995805?v=4" width="30px;" alt=""/> <br /><sub><b>LilNick0101</b></sub> </a> </td> <td> <a href="https://github.com/lwsinclair"> <img src="https://avatars.githubusercontent.com/u/2829939?v=4" width="30px;" alt=""/> <br /><sub><b>lwsinclair</b></sub> </a> </td> </tr> </table> </div> <!-- It is a still in early stage of development, so expects bugs, crashes and logical erros.--> <!-- Standalone Plugin for [JADX](https://github.com/skylot/jadx) (Started as Fork) with Model Context Protocol (MCP) integration for AI-powered static code analysis and real-time code review and reverse engineering tasks using Claude.--> <div align="center"> <img alt="banner" height="480px" widht="620px" src="docs/assets/img.png"> </div> <!-- ![jadx-ai-banner.png](docs/assets/img.png) Image generated using AI tools. -->

Read The Docs


🤖 What is JADX-AI-MCP?

JADX-AI-MCP is a plugin for the JADX decompiler that integrates directly with Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude.

Think: "Decompile → Context-Aware Code Review → AI Recommendations" — all in real time.

High Level Sequence Diagram

sequenceDiagram
LLM CLIENT->>JADX MCP SERVER: INVOKE MCP TOOL
JADX MCP SERVER->>JADX AI MCP PLUGIN: INVOKE HTTP REQUEST
JADX AI MCP PLUGIN->>REQUEST HANDLERS: INVOKE HTTP REQUEST HANDLER
REQUEST HANDLERS->>JADX GUI: PERFORM ACTION/GATHER DATA
JADX GUI->>REQUEST HANDLERS: ACTION PERFORMED/DATA GATHERED
REQUEST HANDLERS->>JADX AI MCP PLUGIN: CRAFT HTTP RESPONSE
JADX AI MCP PLUGIN->>JADX MCP SERVER:HTTP RESPONSE
JADX MCP SERVER->>LLM CLIENT: MCP TOOL RESULT

Watch the demos!

  • Perform quick analysis

https://github.com/user-attachments/assets/b65c3041-fde3-4803-8d99-45ca77dbe30a

  • Quickly find vulnerabilities

https://github.com/user-attachments/assets/c184afae-3713-4bc0-a1d0-546c1f4eb57f

  • Multiple AI Agents Support

https://github.com/user-attachments/assets/6342ea0f-fa8f-44e6-9b3a-4ceb8919a5b0

  • Run with your favorite LLM Client

https://github.com/user-attachments/assets/b4a6b280-5aa9-4e76-ac72-a0abec73b809

  • Analyze The APK Resources

https://github.com/user-attachments/assets/f42d8072-0e3e-4f03-93ea-121af4e66eb1

  • Your AI Assistant during debugging of APK using JADX

https://github.com/user-attachments/assets/2b0bd9b1-95c1-4f32-9b0c-38b864dd6aec

It is combination of two tools:

  1. JADX-AI-MCP
  2. JADX MCP SERVER

🤖 What is JADX-MCP-SERVER?

JADX MCP Server is a standalone Python server that interacts with a JADX-AI-MCP plugin (see: jadx-ai-mcp) via MCP (Model Context Protocol). It lets LLMs communicate with the decompiled Android app context live.


Other projects in Zin MCP Suite

Current MCP Tools

The following MCP tools are available:

  • fetch_current_class() — Get the class name and full source of selected class
  • get_selected_text() — Get currently selected text
  • get_all_classes() — List all classes in the project
  • get_class_source() — Get full source of a given class
  • get_method_by_name() — Fetch a method's source
  • search_method_by_name() — Search method across classes
  • search_classes_by_keyword() — Search for classes whose source code contains a specific keyword (supports pagination)
  • get_methods_of_class() — List methods in a class
  • get_fields_of_class() — List fields in a class
  • get_smali_of_class() — Fetch smali of class
  • get_main_activity_class() — Fetch main activity from jadx mentioned in AndroidManifest.xml file.
  • get_main_application_classes_code() — Fetch all the main application classes' code based on the package name defined in the AndroidManifest.xml.
  • get_main_application_classes_names() — Fetch all the main application classes' names based on the package name defined in the AndroidManifest.xml.
  • get_android_manifest() — Retrieve and return the AndroidManifest.xml content.
  • get_manifest_component - Retrieve specific manifest component instead of whole manifest file
  • get_strings() : Fetches the strings.xml file
  • get_all_resource_file_names() : Retrieve all resource files names that exists in application
  • get_resource_file() : Retrieve resource file content
  • rename_class() : Renames the class name
  • rename_method() : Renames the method
  • rename_field() : Renames the field
  • rename_package() : Renames whole package
  • rename_variable() : Renames the variable within a method
  • debug_get_stack_frames() : Get the stack frames from jadx debugger
  • debug_get_threads() : Get the insights of threads from jadx debugger
  • debug_get_variables() : Get the variables from jadx debugger
  • xrefs_to_class() : Find all references to a class (returns method-level and class-level references, supports pagination)
  • xrefs_to_method() : Find all references to a method (includes override-related methods, supports pagination)
  • xrefs_to_field() : Find all references to a field (returns methods that access the field, supports pagination)

🗒️ Sample Prompts

🔍 Basic Code Understanding

"Explain what this class does in one paragraph."

"Summarize the responsibilities of this method."

"Is there any obfuscation in this class?"

"List all Android permissions this class might require."

🛡️ Vulnerability Detection

"Are there any insecure API usages in this method?"

"Check this class for hardcoded secrets or credentials."

"Does this method sanitize user input before using it?"

"What security vulnerabilities might be introduced by this code?"

🛠️ Reverse Engineering Helpers

"Deobfuscate and rename the classes and methods to something readable."

"Can you infer the original purpose of this smali method?"

"What libraries or SDKs does this class appear to be part of?"

"Tell me which classes contains code related to 'encryption'?"

📦 Static Analysis

"List all network-related API calls in this class."

"Identify file I/O operations and their potential risks."

"Does this method leak device info or PII?"

🤖 AI Code Modification

"Refactor this method to improve readability."

"Add comments to this code explaining each step."

"Rewrite this Java method in Python for analysis."

📄 Documentation & Metadata

"Generate Javadoc-style comments for all methods."

"What package or app component does this class likely belong to?"

"Can you identify the Android component type (Activity, Service, etc.)?"

🐞 Debugger Assistant

   "Fetch stack frames, varirables and threads from debugger and provide summary"

   "Based the stack frames from debugger, explain the execution flow of the application"

   "Based on the state of variables, is there security threat?"

🛠️ Getting Started

1. Download from Releases: https://github.com/zinja-coder/jadx-ai-mcp/releases

[!NOTE]

Download both jadx-ai-mcp-<version>.jar and jadx-mcp-server-<version>.zip files.

# 0. Download the jadx-ai-mcp-<version>.jar and jadx-mcp-server-<version>.zi

…
View source on GitHub