JADX-AI-MCP (Part of Zin MCP Suite)

⚡ Fully automated MCP server + JADX plugin built to communicate with LLM through MCP to analyze Android APKs using LLMs like Claude — uncover vulnerabilities, analyze APK, and reverse engineer effortlessly.

⭐ Contributors

Thanks to these wonderful people for their contributions ⭐

🤖 What is JADX-AI-MCP?

JADX-AI-MCP is a plugin for the JADX decompiler that integrates directly with Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude.

Think: "Decompile → Context-Aware Code Review → AI Recommendations" — all in real time.

High Level Sequence Diagram

sequenceDiagram
LLM CLIENT->>JADX MCP SERVER: INVOKE MCP TOOL
JADX MCP SERVER->>JADX AI MCP PLUGIN: INVOKE HTTP REQUEST
JADX AI MCP PLUGIN->>REQUEST HANDLERS: INVOKE HTTP REQUEST HANDLER
REQUEST HANDLERS->>JADX GUI: PERFORM ACTION/GATHER DATA
JADX GUI->>REQUEST HANDLERS: ACTION PERFORMED/DATA GATHERED
REQUEST HANDLERS->>JADX AI MCP PLUGIN: CRAFT HTTP RESPONSE
JADX AI MCP PLUGIN->>JADX MCP SERVER:HTTP RESPONSE
JADX MCP SERVER->>LLM CLIENT: MCP TOOL RESULT

Watch the demos!

• Perform quick analysis

https://github.com/user-attachments/assets/b65c3041-fde3-4803-8d99-45ca77dbe30a

• Quickly find vulnerabilities

https://github.com/user-attachments/assets/c184afae-3713-4bc0-a1d0-546c1f4eb57f

• Multiple AI Agents Support

https://github.com/user-attachments/assets/6342ea0f-fa8f-44e6-9b3a-4ceb8919a5b0

• Run with your favorite LLM Client

https://github.com/user-attachments/assets/b4a6b280-5aa9-4e76-ac72-a0abec73b809

• Analyze The APK Resources

https://github.com/user-attachments/assets/f42d8072-0e3e-4f03-93ea-121af4e66eb1

• Your AI Assistant during debugging of APK using JADX

https://github.com/user-attachments/assets/2b0bd9b1-95c1-4f32-9b0c-38b864dd6aec

It is combination of two tools:

1. JADX-AI-MCP
2. JADX MCP SERVER

🤖 What is JADX-MCP-SERVER?

JADX MCP Server is a standalone Python server that interacts with a JADX-AI-MCP plugin (see: jadx-ai-mcp) via MCP (Model Context Protocol). It lets LLMs communicate with the decompiled Android app context live.

Other projects in Zin MCP Suite

• APKTool-MCP-Server
• JADX-MCP-Server
• ZIN-MCP-Client

Current MCP Tools

The following MCP tools are available:

• fetch_current_class() — Get the class name and full source of selected class
• get_selected_text() — Get currently selected text
• get_all_classes() — List all classes in the project
• get_class_source() — Get full source of a given class
• get_method_by_name() — Fetch a method’s source
• search_method_by_name() — Search method across classes
• get_methods_of_class() — List methods in a class
• get_fields_of_class() — List fields in a class
• get_smali_of_class() — Fetch smali of class
• get_main_activity_class() — Fetch main activity from jadx mentioned in AndroidManifest.xml file.
• get_main_application_classes_code() — Fetch all the main application classes' code based on the package name defined in the AndroidManifest.xml.
• get_main_application_classes_names() — Fetch all the main application classes' names based on the package name defined in the AndroidManifest.xml.
• get_android_manifest() — Retrieve and return the AndroidManifest.xml content.
• get_strings() : Fetches the strings.xml file
• get_all_resource_file_names() : Retrieve all resource files names that exists in application
• get_resource_file() : Retrieve resource file content
• rename_class() : Renames the class name
• rename_method() : Renames the method
• rename_field() : Renames the field
• debug_get_stack_frames() : Get the stack frames from jadx debugger
• debug_get_threads() : Get the insights of threads from jadx debugger
• debug_get_variables() : Get the variables from jadx debugger

🗒️ Sample Prompts

🔍 Basic Code Understanding

"Explain what this class does in one paragraph."

"Summarize the responsibilities of this method."

"Is there any obfuscation in this class?"

"List all Android permissions this class might require."

🛡️ Vulnerability Detection

"Are there any insecure API usages in this method?"

"Check this class for hardcoded secrets or credentials."

"Does this method sanitize user input before using it?"

"What security vulnerabilities might be introduced by this code?"

🛠️ Reverse Engineering Helpers

"Deobfuscate and rename the classes and methods to something readable."

"Can you infer the original purpose of this smali method?"

"What libraries or SDKs does this class appear to be part of?"

📦 Static Analysis

"List all network-related API calls in this class."

"Identify file I/O operations and their potential risks."

"Does this method leak device info or PII?"

🤖 AI Code Modification

"Refactor this method to improve readability."

"Add comments to this code explaining each step."

"Rewrite this Java method in Python for analysis."

📄 Documentation & Metadata

"Generate Javadoc-style comments for all methods."

"What package or app component does this class likely belong to?"

"Can you identify the Android component type (Activity, Service, etc.)?"

🐞 Debugger Assistant

   "Fetch stack frames, varirables and threads from debugger and provide summary"

   "Based the stack frames from debugger, explain the execution flow of the application"

   "Based on the state of variables, is there security threat?"

🛠️ Getting Started

1. Download from Releases: https://github.com/zinja-coder/jadx-ai-mcp/releases

[!NOTE]

Download both jadx-ai-mcp-<version>.jar and jadx-mcp-server-<version>.zip files.

# 0. Download the jadx-ai-mcp-<version>.jar and jadx-mcp-server-<version>.zip
https://github.com/zinja-coder/jadx-ai-mcp/releases

# 1. 
unzip jadx-ai-mcp-<version>.zip

├jadx-mcp-server/
  ├── jadx_mcp.py
  ├── requirements.txt
  ├── README.md
  ├── LICENSE

├jadx-ai-mcp-<version>.jar

# 2. Install the plugin

# For this you can follow two approaches:

## 1. One liner - execute below command in your shell
jadx plugins --install "github:zinja-coder:jadx-ai-mcp"

## The above one line code will install the latest version of the plugin directly into the jadx, no need to download the jadx-ai-mcp's .jar file.
## 2. Or you can use JADX-GUI to install it by following images as shown below:

## 3. GUI method, download the .jar file and follow below steps shown in images

# 3. Navigate to jadx-mcp-server directory
cd jadx-mcp-server

# 4. This project uses uv - https://github.com/astral-sh/uv instead of pip for dependency management.
    ## a. Install uv (if you dont have it yet)
curl -LsSf https://astral.sh/uv/install.sh | sh
    ## b. OPTIONAL, if for any reasons, you get dependecy errors in jadx-mcp-server, Set up the environment
uv venv
source .venv/bin/activate  # or .venv\Scripts\activate on Windows
    ## c. OPTIONAL Install dependencies
uv pip install httpx fastmcp

# The setup for jadx-ai-mcp and jadx_mcp_server is done.

2. Running on Local LLM Using Ollama and Zin MCP Client - Recommended

⚡ Lightweight, Fast, Simple, CLI-Based MCP Client for STDIO MCP Servers, to fill the gap and provide bridge between your local LLMs running Ollama and MCP Servers.

Check Now: https://github.com/zinja-coder/zin-mcp-client

Demo: Perform Code Review to Find Vulnerabilities locally

https://github.com/user-attachments/assets/4cd26715-b5e6-4b4b-95e4-054de6789f42

🤖 3. Use Claude Desktop

Make sure Claude Desktop is running with MCP enabled.

For instance, I have used following for Kali Linux: https://github.com/aaddrick/claude-desktop-debian

Configure and add MCP server to LLM file:

nano ~/.config/Claude/claude_desktop_config.json

For:

• Windows: %APPDATA%\Claude\claude_desktop_config.json
• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

And following content in it:

{
    "mcpServers": {
        "jadx-mcp-server": {
            "command": "/<path>/<to>/uv", 
            "args": [
                "--directory",
                "</PATH/TO/>jadx-mcp-server/",
                "run",
                "jadx_mcp_server.py"
            ]
        }
    }
}

Replace:

• path/to/uv with the actual path to your uv executable
• path/to/jadx-mcp-server with the absolute path to where you cloned this repository

Then, navigate code and interact via real-time code review prompts using the built-in integration.

OR

or you can install the jadx_mcp_server directly as executable directly using below command:

uv tool install git+https://github.com/zinja-coder/jadx-mcp-server

and then you can just provide jadx_mcp_server in command section of mcp configuration.

4. Use Cherry Studio

If you want to configure the MCP tool in Cherry Studio, you can refer to the following configuration.

• Type: stdio
• command: uv
• argument:

--directory
path/to/jadx-mcp-server
run
jadx_mcp_server.py

• path/to/jadx-mcp-server with the absolute path to where you cloned this repository

5. Using LMStudio

You can also use JADX AI MCP Server with LM Studio by configuring it's mcp.json file. Here's the video guide.

https://github.com/user-attachments/assets/b4a6b280-5aa9-4e76-ac72-a0abec73b809

6. Running in HTTP Stream Mode

You can also use Jadx in HTTP Stream Mode using --http option with jadx_mcp_server.py as shown in following:

uv run jadx_mcp_server.py --http

OR

uv run jadx_mcp_server.py --http --port 9999

7. Custom port configuration for JADX AI MCP Plugin

1. Configure Port: Configure the port on which the JADX AI MCP Plugin will listen on.
2. Default Port: Revert back the changes and listen on default port.
3. Restart Server: Force restart the JADX AI MCP Plugin server.
4. Server Status: Check the status of JADX AI MCP Plugin server.

To connect with JADX AI MCP Plugin running on custom port, the --jadx-port option will be used as shown in following:

uv run jadx_mcp_server.py --jadx-port 8652

The MCP Configuration for above will be as follows for claude:

{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "/path/to/uv",
      "args": [
        "--directory",
        "/path/to/jadx-mcp-server/",
        "run",
        "jadx_mcp_server.py",
        "--jadx-port",
        "8652"
      ]
    }
  }
}

Give it a shot

1. Run jadx-gui and load any .apk file

2. Start claude - You must see hammer symbol

3. Click on the hammer symbol and you should you see somthing like following:

4. Run following prompt:

fetch currently selected class and perform quick sast on it

5. Allow access when prompted:

6. HACK!

This plugin allows total control over the GUI and internal project model to support deeper LLM integration, including:

• Exporting selected class to MCP
• Running automated Claude analysis
• Receiving back suggestions inline

Troubleshooting

Check here

NOTE For Contributors

• The files related to JADX-AI-MCP can be found under this repo.

• The files related to jadx-mcp-server can be found here.

To report bugs, issues, feature suggestion, Performance issue, general question, Documentation issue.

• Kindly open an issue with respective template.

• Tested on Claude Desktop Client, support for other AI will be tested soon!

🙏 Credits

This project is a plugin for JADX, an amazing open-source Android decompiler created and maintained by @skylot. All core decompilation logic belongs to them. I have only extended it to support my MCP server with AI capabilities.

📎 Original README (JADX)

The original README.md from jadx is included here in this repository for reference and credit.

This MCP server is made possible by the extensibility of JADX-GUI and the amazing Android reverse engineering community.

Also huge thanks to @aaddrick for developing Claude desktop for Debian based linux.

And in last thanks to @anthropics for developing the Model Context Protocol and @FastMCP team

Apart from this, huge thanks to all open source projects which serve as a dependencies for this project and which made this possible.

Dependencies

This project uses following awesome libraries.

• Plugin - Java

  • Javalin - https://javalin.io/ - Apache 2.0 License
  • SLF4J - https://slf4j.org/ - MIT License
  • org.w3c.dom - https://mvnrepository.com/artifact/org.w3c.dom - W3C Software and Document License

• MCP Server - Python

  • FastMCP - https://github.com/jlowin/fastmcp - Apache 2.0 License
  • httpx - https://www.python-httpx.org - BSD-3-Clause (“BSD licensed”)

📄 License

JADX-AI-MCP and all related projects inherits the Apache 2.0 License from the original JADX repository.

⚖️ Legal Warning

Disclaimer

The tools jadx-ai-mcp and jadx_mcp_server are intended strictly for educational, research, and ethical security assessment purposes. They are provided "as-is" without any warranties, expressed or implied. Users are solely responsible for ensuring that their use of these tools complies with all applicable laws, regulations, and ethical guidelines.

By using jadx-ai-mcp or jadx_mcp_server, you agree to use them only in environments you are authorized to test, such as applications you own or have explicit permission to analyze. Any misuse of these tools for unauthorized reverse engineering, infringement of intellectual property rights, or malicious activity is strictly prohibited.

The developers of jadx-ai-mcp and jadx_mcp_server shall not be held liable for any damage, data loss, legal consequences, or other consequences resulting from the use or misuse of these tools. Users assume full responsibility for their actions and any impact caused by their usage.

Use responsibly. Respect intellectual property. Follow ethical hacking practices.

🙌 Contribute or Support

• Found it useful? Give it a ⭐️
• Got ideas? Open an issue or submit a PR
• Built something on top? DM me or mention me — I’ll add it to the README!
• Do you like my work and keep it going? Sponsor this project.

Built with ❤️ for the reverse engineering and AI communities.