JADX-AI-MCP (Part of Zin MCP Suite)

1<div align="center">
2 
3# JADX-AI-MCP (Part of Zin MCP Suite)
4 
5⚡ Fully automated MCP server + JADX plugin built to communicate with LLM through MCP to analyze Android APKs using LLMs like Claude — uncover vulnerabilities, analyze APK, and reverse engineer effortlessly.
6 
7![GitHub contributors JADX-AI-MCP](https://img.shields.io/github/contributors/zinja-coder/jadx-ai-mcp)
8![GitHub contributors JADX-MCP-SERVER](https://img.shields.io/github/contributors/zinja-coder/jadx-mcp-server)
9![GitHub all releases](https://img.shields.io/github/downloads/zinja-coder/jadx-ai-mcp/total)
10![GitHub release (latest by SemVer)](https://img.shields.io/github/downloads/zinja-coder/jadx-ai-mcp/latest/total)
11![Latest release](https://img.shields.io/github/release/zinja-coder/jadx-ai-mcp.svg)
12![Java 11+](https://img.shields.io/badge/Java-11%2B-blue)
13![Python 3.10+](https://img.shields.io/badge/python-3%2E10%2B-blue)
14[![License](http://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html)
15 
16#### ⭐ Contributors
17 
18Thanks to these wonderful people for their contributions ⭐
19<table>
20  <tr align="center">
21  <td>
22      <a href="https://github.com/ljt270864457">
23        <img src="https://avatars.githubusercontent.com/u/8609890?v=4" width="30px;" alt=""/>
24        <br /><sub><b>ljt270864457</b></sub>
25      </a>
26    </td>
27    <td>
28      <a href="https://github.com/p0px">
29        <img src="https://avatars.githubusercontent.com/u/161268024?v=4" width="30px;" alt=""/>
30        <br /><sub><b>p0px</b></sub>
31      </a>
32    </td>
33    <td>
34      <a href="https://github.com/badmonkey7">
35        <img src="https://avatars.githubusercontent.com/u/41368882?v=4" width="30px;" alt=""/>
36        <br /><sub><b>badmonkey7</b></sub>
37      </a>
38    </td>
39       <td>
40      <a href="https://github.com/tiann">
41        <img src="https://avatars.githubusercontent.com/u/4233744?v=4" width="30px;" alt=""/>
42        <br /><sub><b>tiann</b></sub>
43      </a>
44    </td>
45    <td>
46      <a href="https://github.com/ZERO-A-ONE">
47        <img src="https://avatars.githubusercontent.com/u/18625356?v=4" width="30px;" alt=""/>
48        <br /><sub><b>ZERO-A-ONE</b></sub>
49      </a>
50    </td>
51    <td>
52      <a href="https://github.com/neoz">
53        <img src="https://avatars.githubusercontent.com/u/360582?v=4" width="30px;" alt=""/>
54        <br /><sub><b>neoz</b></sub>
55      </a>
56    </td>
57    <td>
58      <a href="https://github.com/SamadiPour">
59        <img src="https://avatars.githubusercontent.com/u/24422125?v=4" width="30px;" alt=""/>
60        <br /><sub><b>SamadiPour</b></sub>
61      </a>
62    </td>
63    <td>
64      <a href="https://github.com/wuseluosi">
65        <img src="https://avatars.githubusercontent.com/u/192840340?v=4" width="30px;" alt=""/>
66        <br /><sub><b>wuseluosi</b></sub>
67      </a>
68    </td>
69    <td>
70      <a href="https://github.com/CainYzb">
71        <img src="https://avatars.githubusercontent.com/u/50669073?v=4" width="30px;" alt=""/>
72        <br /><sub><b>CainYzb</b></sub>
73      </a>
74    </td>
75    <td>
76      <a href="https://github.com/tbodt">
77        <img src="https://avatars.githubusercontent.com/u/5678977?v=4" width="30px;" alt=""/>
78        <br /><sub><b>tbodt</b></sub>
79      </a>
80    </td>
81    <td>
82      <a href="https://github.com/LilNick0101">
83        <img src="https://avatars.githubusercontent.com/u/100995805?v=4" width="30px;" alt=""/>
84        <br /><sub><b>LilNick0101</b></sub>
85      </a>
86    </td>
87    <td>
88      <a href="https://github.com/lwsinclair">
89        <img src="https://avatars.githubusercontent.com/u/2829939?v=4" width="30px;" alt=""/>
90        <br /><sub><b>lwsinclair</b></sub>
91      </a>
92    </td>
93  </tr>
94</table>
95 
96 
97 
98</div>
99 
100<!-- It is a still in early stage of development, so expects bugs, crashes and logical erros.-->
101 
102<!-- Standalone Plugin for [JADX](https://github.com/skylot/jadx) (Started as Fork) with Model Context Protocol (MCP) integration for AI-powered static code analysis and real-time code review and reverse engineering tasks using Claude.-->
103 
104 
105<div align="center">
106    <img alt="banner" height="480px" widht="620px" src="docs/assets/img.png">
107</div>
108 
109<!-- ![jadx-ai-banner.png](docs/assets/img.png) Image generated using AI tools. -->
110 
111#### Read The Docs
112 - Read The Docs is now live: https://jadx-ai-mcp.readthedocs.io/en/latest/
113 
114---
115 
116## 🤖 What is JADX-AI-MCP?
117 
118**JADX-AI-MCP** is a plugin for the [JADX decompiler](https://github.com/skylot/jadx) that integrates directly with [Model Context Protocol (MCP)](https://github.com/anthropic/mcp) to provide **live reverse engineering support with LLMs like Claude**.
119 
120Think: "Decompile → Context-Aware Code Review → AI Recommendations" — all in real time.
121 
122#### High Level Sequence Diagram
123 
124```mermaid
125sequenceDiagram
126LLM CLIENT->>JADX MCP SERVER: INVOKE MCP TOOL
127JADX MCP SERVER->>JADX AI MCP PLUGIN: INVOKE HTTP REQUEST
128JADX AI MCP PLUGIN->>REQUEST HANDLERS: INVOKE HTTP REQUEST HANDLER
129REQUEST HANDLERS->>JADX GUI: PERFORM ACTION/GATHER DATA
130JADX GUI->>REQUEST HANDLERS: ACTION PERFORMED/DATA GATHERED
131REQUEST HANDLERS->>JADX AI MCP PLUGIN: CRAFT HTTP RESPONSE
132JADX AI MCP PLUGIN->>JADX MCP SERVER:HTTP RESPONSE
133JADX MCP SERVER->>LLM CLIENT: MCP TOOL RESULT
134```
135 
136### Watch the demos!
137 
138- **Perform quick analysis**
139  
140https://github.com/user-attachments/assets/b65c3041-fde3-4803-8d99-45ca77dbe30a
141 
142- **Quickly find vulnerabilities**
143 
144https://github.com/user-attachments/assets/c184afae-3713-4bc0-a1d0-546c1f4eb57f
145 
146- **Multiple AI Agents Support**
147 
148https://github.com/user-attachments/assets/6342ea0f-fa8f-44e6-9b3a-4ceb8919a5b0
149 
150- **Run with your favorite LLM Client**
151 
152https://github.com/user-attachments/assets/b4a6b280-5aa9-4e76-ac72-a0abec73b809
153 
154- **Analyze The APK Resources**
155 
156https://github.com/user-attachments/assets/f42d8072-0e3e-4f03-93ea-121af4e66eb1
157 
158- **Your AI Assistant during debugging of APK using JADX**
159 
160https://github.com/user-attachments/assets/2b0bd9b1-95c1-4f32-9b0c-38b864dd6aec
161 
162It is combination of two tools:
1631. JADX-AI-MCP
1642. [JADX MCP SERVER](https://github.com/zinja-coder/jadx-mcp-server)
165 
166## 🤖 What is JADX-MCP-SERVER?
167 
168**JADX MCP Server** is a standalone Python server that interacts with a `JADX-AI-MCP` plugin (see: [jadx-ai-mcp](https://github.com/zinja-coder/jadx-ai-mcp)) via MCP (Model Context Protocol). It lets LLMs communicate with the decompiled Android app context live.
169 
170---
171 
172## Other projects in Zin MCP Suite
173 - **[APKTool-MCP-Server](https://github.com/zinja-coder/apktool-mcp-server)**
174 - **[JADX-MCP-Server](https://github.com/zinja-coder/jadx-mcp-server)**
175 - **[ZIN-MCP-Client](https://github.com/zinja-coder/zin-mcp-client)**
176 
177## Current MCP Tools
178 
179The following MCP tools are available:
180 
181- `fetch_current_class()` — Get the class name and full source of selected class
182- `get_selected_text()` — Get currently selected text
183- `get_all_classes()` — List all classes in the project
184- `get_class_source()` — Get full source of a given class
185- `get_method_by_name()` — Fetch a method's source
186- `search_method_by_name()` — Search method across classes
187- `search_classes_by_keyword()` — Search for classes whose source code contains a specific keyword (supports pagination)
188- `get_methods_of_class()` — List methods in a class
189- `get_fields_of_class()` — List fields in a class
190- `get_smali_of_class()` — Fetch smali of class
191- `get_main_activity_class()` — Fetch main activity from jadx mentioned in AndroidManifest.xml file.
192- `get_main_application_classes_code()` — Fetch all the main application classes' code based on the package name defined in the AndroidManifest.xml.
193- `get_main_application_classes_names()` — Fetch all the main application classes' names based on the package name defined in the AndroidManifest.xml.
194- `get_android_manifest()` — Retrieve and return the AndroidManifest.xml content.
195- `get_strings()` : Fetches the strings.xml file
196- `get_all_resource_file_names()` : Retrieve all resource files names that exists in application
197- `get_resource_file()` : Retrieve resource file content
198- `rename_class()` : Renames the class name
199- `rename_method()` : Renames the method
200- `rename_field()` : Renames the field
201- `rename_package()` : Renames whole package
202- `rename_variable()` : Renames the variable within a method
203- `debug_get_stack_frames()` : Get the stack frames from jadx debugger
204- `debug_get_threads()` : Get the insights of threads from jadx debugger
205- `debug_get_variables()` : Get the variables from jadx debugger
206- `xrefs_to_class()` : Find all references to a class (returns method-level and class-level references, supports pagination)
207- `xrefs_to_method()` : Find all references to a method (includes override-related methods, supports pagination)
208- `xrefs_to_field()` : Find all references to a field (returns methods that access the field, supports pagination)
209  
210---
211 
212## 🗒️ Sample Prompts
213 
214🔍 Basic Code Understanding
215 
216    "Explain what this class does in one paragraph."
217 
218    "Summarize the responsibilities of this method."
219 
220    "Is there any obfuscation in this class?"
221 
222    "List all Android permissions this class might require."
223 
224🛡️ Vulnerability Detection
225 
226    "Are there any insecure API usages in this method?"
227 
228    "Check this class for hardcoded secrets or credentials."
229 
230    "Does this method sanitize user input before using it?"
231 
232    "What security vulnerabilities might be introduced by this code?"
233 
234🛠️ Reverse Engineering Helpers
235 
236    "Deobfuscate and rename the classes and methods to something readable."
237 
238    "Can you infer the original purpose of this smali method?"
239 
240    "What libraries or SDKs does this class appear to be part of?"
241 
242    "Tell me which classes contains code related to 'encryption'?"
243 
244📦 Static Analysis
245 
246    "List all network-related API calls in this class."
247 
248    "Identify file I/O operations and their potential risks."
249 
250    "Does this method leak device info or PII?"
251 
252🤖 AI Code Modification
253 
254    "Refactor this method to improve readability."
255 
256    "Add comments to this code explaining each step."
257 
258    "Rewrite this Java method in Python for analysis."
259 
260📄 Documentation & Metadata
261 
262    "Generate Javadoc-style comments for all methods."
263 
264    "What package or app component does this class likely belong to?"
265 
266    "Can you identify the Android component type (Activity, Service, etc.)?"
267 
268🐞 Debugger Assistant
269```
270   "Fetch stack frames, varirables and threads from debugger and provide summary"
271 
272   "Based the stack frames from debugger, explain the execution flow of the application"
273 
274   "Based on the state of variables, is there security threat?"
275```
276 
277---
278 
279## 🛠️ Getting Started 
280 
281### 1. Download from Releases: https://github.com/zinja-coder/jadx-ai-mcp/releases
282 
283> [!NOTE]
284>
285> Download both `jadx-ai-mcp-<version>.jar` and `jadx-mcp-server-<version>.zip` files.
286 
287 
288```bash
289# 0. Download the jadx-ai-mcp-<version>.jar and jadx-mcp-server-<version>.zip
290https://github.com/zinja-coder/jadx-ai-mcp/releases
291 
292# 1. 
293unzip jadx-ai-mcp-<version>.zip
294 
295├jadx-mcp-server/
296  ├── jadx_mcp.py
297  ├── requirements.txt
298  ├── README.md
299  ├── LICENSE
300 
301├jadx-ai-mcp-<version>.jar
302 
303# 2. Install the plugin
304 
305# For this you can follow two approaches:
306 
307## 1. One liner - execute below command in your shell
308jadx plugins --install "github:zinja-coder:jadx-ai-mcp"
309 
310## The above one line code will install the latest version of the plugin directly into the jadx, no need to download the jadx-ai-mcp's .jar file.
311## 2. Or you can use JADX-GUI to install it by following images as shown below:
312```
313 
314<div align="center">
315    <img alt="banner" height="480px" widht="620px" src="docs/assets/img_1231.png">
316</div>
317 
318<div align="center">
319    <img alt="banner" height="480px" widht="620px" src="docs/assets/img_1123.png">
320</div>
321 
322<div align="center">
323    <img alt="banner" height="480px" widht="620px" src="docs/assets/img_2122.png">
324</div>
325 
326 
327```bash
328## 3. GUI method, download the .jar file and follow below steps shown in images
329```
330![img.png](docs/assets/img123.png)
331![img_1.png](docs/assets/img_12.png)
332![img_2.png](docs/assets/img_2.png)
333![img_3.png](docs/assets/img_3.png)
334```bash
335# 3. Navigate to jadx-mcp-server directory
336cd jadx-mcp-server
337 
338# 4. This project uses uv - https://github.com/astral-sh/uv instead of pip for dependency management.
339    ## a. Install uv (if you dont have it yet)
340curl -LsSf https://astral.sh/uv/install.sh | sh
341    ## b. OPTIONAL, if for any reasons, you get dependecy errors in jadx-mcp-server, Set up the environment
342uv venv
343source .venv/bin/activate  # or .venv\Scripts\activate on Windows
344    ## c. OPTIONAL Install dependencies
345uv pip install httpx fastmcp
346 
347# The setup for jadx-ai-mcp and jadx_mcp_server is done.
348```
349 
350## 🤖 2. Use Claude Desktop
351 
352Make sure Claude Desktop is running with MCP enabled.
353 
354For instance, I have used following for Kali Linux: https://github.com/aaddrick/claude-desktop-debian
355 
356Configure and add MCP server to LLM file:
357```bash
358nano ~/.config/Claude/claude_desktop_config.json
359```
360 
361For:
362   - Windows: `%APPDATA%\Claude\claude_desktop_config.json`
363   - macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
364   
365And following content in it:
366```json
367{
368    "mcpServers": {
369        "jadx-mcp-server": {
370            "command": "/<path>/<to>/uv", 
371            "args": [
372                "--directory",
373                "</PATH/TO/>jadx-mcp-server/",
374                "run",
375                "jadx_mcp_server.py"
376            ]
377        }
378    }
379}
380```
381 
382Replace:
383 
384- `path/to/uv` with the actual path to your `uv` executable
385- `path/to/jadx-mcp-server` with the absolute path to where you cloned this
386repository
387 
388Then, navigate code and interact via real-time code review prompts using the built-in integration.
389 
390**OR**
391 
392or you can install the jadx_mcp_server directly as executable directly using below command:
393 
394```
395uv tool install git+https://github.com/zinja-coder/jadx-mcp-server
396```
397 
398and then you can just provide `jadx_mcp_server` in `command` section of mcp configuration.
399 
400## 3. Use Cherry Studio
401 
402If you want to configure the MCP tool in Cherry Studio, you can refer to the following configuration.
403- Type: stdio
404- command: uv
405- argument:
406```bash
407--directory
408path/to/jadx-mcp-server
409run
410jadx_mcp_server.py
411```
412- `path/to/jadx-mcp-server` with the absolute path to where you cloned this
413repository
414 
415## 4. Using LMStudio
416 
417You can also use JADX AI MCP Server with LM Studio by configuring it's mcp.json file. Here's the video guide.
418 
419https://github.com/user-attachments/assets/b4a6b280-5aa9-4e76-ac72-a0abec73b809
420 
421## 5. Running in HTTP Stream Mode
422 
423You can also use Jadx in HTTP Stream Mode using `--http` option with `jadx_mcp_server.py` as shown in following:
424 
425```bash
426uv run jadx_mcp_server.py --http
427 
428OR
429 
430uv run jadx_mcp_server.py --http --port 9999
431```
432 
433## 6. Custom port configuration for JADX AI MCP Plugin
434 
435<img width="800" height="335" alt="image" src="https://github.com/user-attachments/assets/6243adc5-5be4-4e2d-aa16-bdaf78a28e36" />
436 
4371. Configure Port: Configure the port on which the JADX AI MCP Plugin will listen on.
4382. Default Port: Revert back the changes and listen on default port.
4393. Restart Server: Force restart the JADX AI MCP Plugin server.
4404. Server Status: Check the status of JADX AI MCP Plugin server.
441 
442To connect with JADX AI MCP Plugin running on custom port, the `--jadx-port` option will be used as shown in following:
443```
444uv run jadx_mcp_server.py --jadx-port 8652
445```
446 
447The MCP Configuration for above will be as follows for claude:
448 
449```
450{
451  "mcpServers": {
452    "jadx-mcp-server": {
453      "command": "/path/to/uv",
454      "args": [
455        "--directory",
456        "/path/to/jadx-mcp-server/",
457        "run",
458        "jadx_mcp_server.py",
459        "--jadx-port",
460        "8652"
461      ]
462    }
463  }
464}
465```
466 
467## Give it a shot
468 
4691. Run jadx-gui and load any .apk file
470 
471![img_1.png](docs/assets/img_1.png)
472 
4732. Start claude - You must see hammer symbol
474 
475![img2.png](docs/assets/img2.png)
476 
4773. Click on the `hammer` symbol and you should you see somthing like following:
478 
479![img3.png](docs/assets/img3.png)
480 
4814. Run following prompt:
482```text
483fetch currently selected class and perform quick sast on it
484```
485![img4.png](docs/assets/img4.png)
486 
4875. Allow access when prompted:
488 
489![img_1.png](docs/assets/img5.png)
490 
4916. HACK!
492 
493![img_2.png](docs/assets/img6.png)
494 
495This plugin allows total control over the GUI and internal project model to support deeper LLM integration, including:
496 
497- Exporting selected class to MCP
498- Running automated Claude analysis
499- Receiving back suggestions inline
500 
501---
502 
503## Troubleshooting
504 
505[Check here](https://github.com/zinja-coder/jadx-ai-mcp/edit/jadx-ai/TROUBLESHOOTING.md)
506 
507## NOTE For Contributors
508 
509 - The files related to JADX-AI-MCP can be found under this repo.
510 
511 - The files related to **jadx-mcp-server** can be found [here](https://github.com/zinja-coder/jadx-mcp-server).
512 
513## To report bugs, issues, feature suggestion, Performance issue, general question, Documentation issue.
514 - Kindly open an issue with respective template.
515 
516 - Tested on Claude Desktop Client, support for other AI will be tested soon!
517 
518## 🙏 Credits
519 
520This project is a plugin for JADX, an amazing open-source Android decompiler created and maintained by [@skylot](https://github.com/skylot). All core decompilation logic belongs to them. I have only extended it to support my MCP server with AI capabilities.
521 
522[📎 Original README (JADX)](https://github.com/skylot/jadx)
523 
524The original README.md from jadx is included here in this repository for reference and credit.
525 
526This MCP server is made possible by the extensibility of JADX-GUI and the amazing Android reverse engineering community.
527 
528Also huge thanks to [@aaddrick](https://github.com/aaddrick) for developing Claude desktop for Debian based linux.
529 
530And in last thanks to [@anthropics](https://github.com/anthropics) for developing the Model Context Protocol and [@FastMCP](https://github.com/modelcontextprotocol/python-sdk) team
531 
532Apart from this, huge thanks to all open source projects which serve as a dependencies for this project and which made this possible.
533 
534### Dependencies
535 
536This project uses following awesome libraries.
537 
538- Plugin - Java
539  - Javalin     - https://javalin.io/ - Apache 2.0 License
540  - SLF4J       - https://slf4j.org/  - MIT License
541  - org.w3c.dom - https://mvnrepository.com/artifact/org.w3c.dom - W3C Software and Document License
542 
543- MCP Server - Python
544  - FastMCP - https://github.com/jlowin/fastmcp - Apache 2.0 License
545  - httpx   - https://www.python-httpx.org      - BSD-3-Clause (“BSD licensed”) 
546 
547## 📄 License
548 
549JADX-AI-MCP and all related projects inherits the Apache 2.0 License from the original JADX repository.
550 
551## ⚖️ Legal Warning
552 
553**Disclaimer**
554 
555The tools `jadx-ai-mcp` and `jadx_mcp_server` are intended strictly for educational, research, and ethical security assessment purposes. They are provided "as-is" without any warranties, expressed or implied. Users are solely responsible for ensuring that their use of these tools complies with all applicable laws, regulations, and ethical guidelines.
556 
557By using `jadx-ai-mcp` or `jadx_mcp_server`, you agree to use them only in environments you are authorized to test, such as applications you own or have explicit permission to analyze. Any misuse of these tools for unauthorized reverse engineering, infringement of intellectual property rights, or malicious activity is strictly prohibited.
558 
559The developers of `jadx-ai-mcp` and `jadx_mcp_server` shall not be held liable for any damage, data loss, legal consequences, or other consequences resulting from the use or misuse of these tools. Users assume full responsibility for their actions and any impact caused by their usage.
560 
561Use responsibly. Respect intellectual property. Follow ethical hacking practices.
562 
563---
564 
565## 🙌 Contribute or Support
566 
567- Found it useful? Give it a ⭐️
568- Got ideas? Open an [issue](https://github.com/zinja-coder/jadx-ai-mcp/issues) or submit a PR
569- Built something on top? DM me or mention me — I’ll add it to the README!
570- Do you like my work and keep it going? Sponsor this project.
571  
572---
573 
574Built with ❤️ for the reverse engineering and AI communities.
575