JADX-AI-MCP (Part of Zin MCP Suite)
⚡ Fully automated MCP server + JADX plugin built to communicate with LLM through MCP to analyze Android APKs using LLMs like Claude — uncover vulnerabilities, analyze APK, and reverse engineer effortlessly.
⭐ Contributors
Thanks to these wonderful people for their contributions ⭐
<table> <tr align="center"> <td> <a href="https://github.com/ljt270864457"> <img src="https://avatars.githubusercontent.com/u/8609890?v=4" width="30px;" alt=""/> <br /><sub><b>ljt270864457</b></sub> </a> </td> <td> <a href="https://github.com/p0px"> <img src="https://avatars.githubusercontent.com/u/161268024?v=4" width="30px;" alt=""/> <br /><sub><b>p0px</b></sub> </a> </td> <td> <a href="https://github.com/bx33661"> <img src="https://avatars.githubusercontent.com/u/138348615?v=4" width="30px;" alt=""/> <br /><sub><b>bx33661</b></sub> </a> </td> <td> <a href="https://github.com/Haicaji"> <img src="https://avatars.githubusercontent.com/u/132796021?v=4" width="30px;" alt=""/> <br /><sub><b>Haicaji</b></sub> </a> </td> <td> <a href="https://github.com/mostafaNazari702"> <img src="https://avatars.githubusercontent.com/u/93077724?v=4" width="30px;" alt=""/> <br /><sub><b>Mostafa Nazari</b></sub> </a> </td> <td> <a href="https://github.com/ChineseAStar"> <img src="https://avatars.githubusercontent.com/u/24355243?v=4" width="30px;" alt=""/> <br /><sub><b>ChineseAStar</b></sub> </a> </td> <td> <a href="https://github.com/cyal1r"> <img src="https://avatars.githubusercontent.com/u/33282478?v=4" width="30px;" alt=""/> <br /><sub><b>cyal1</b></sub> </a> </td> <td> <a href="https://github.com/badmonkey7"> <img src="https://avatars.githubusercontent.com/u/41368882?v=4" width="30px;" alt=""/> <br /><sub><b>badmonkey7</b></sub> </a> </td> <td> <a href="https://github.com/tiann"> <img src="https://avatars.githubusercontent.com/u/4233744?v=4" width="30px;" alt=""/> <br /><sub><b>tiann</b></sub> </a> </td> <td> <a href="https://github.com/ZERO-A-ONE"> <img src="https://avatars.githubusercontent.com/u/18625356?v=4" width="30px;" alt=""/> <br /><sub><b>ZERO-A-ONE</b></sub> </a> </td> <td> <a href="https://github.com/neoz"> <img src="https://avatars.githubusercontent.com/u/360582?v=4" width="30px;" alt=""/> <br /><sub><b>neoz</b></sub> </a> </td> <td> <a href="https://github.com/SamadiPour"> <img src="https://avatars.githubusercontent.com/u/24422125?v=4" width="30px;" alt=""/> <br /><sub><b>SamadiPour</b></sub> </a> </td> <td> <a href="https://github.com/wuseluosi"> <img src="https://avatars.githubusercontent.com/u/192840340?v=4" width="30px;" alt=""/> <br /><sub><b>wuseluosi</b></sub> </a> </td> <td> <a href="https://github.com/CainYzb"> <img src="https://avatars.githubusercontent.com/u/50669073?v=4" width="30px;" alt=""/> <br /><sub><b>CainYzb</b></sub> </a> </td> <td> <a href="https://github.com/tbodt"> <img src="https://avatars.githubusercontent.com/u/5678977?v=4" width="30px;" alt=""/> <br /><sub><b>tbodt</b></sub> </a> </td> <td> <a href="https://github.com/LilNick0101"> <img src="https://avatars.githubusercontent.com/u/100995805?v=4" width="30px;" alt=""/> <br /><sub><b>LilNick0101</b></sub> </a> </td> <td> <a href="https://github.com/lwsinclair"> <img src="https://avatars.githubusercontent.com/u/2829939?v=4" width="30px;" alt=""/> <br /><sub><b>lwsinclair</b></sub> </a> </td> </tr> </table> </div> <!-- It is a still in early stage of development, so expects bugs, crashes and logical erros.--> <!-- Standalone Plugin for [JADX](https://github.com/skylot/jadx) (Started as Fork) with Model Context Protocol (MCP) integration for AI-powered static code analysis and real-time code review and reverse engineering tasks using Claude.--> <div align="center"> <img alt="banner" height="480px" widht="620px" src="docs/assets/img.png"> </div> <!--  Image generated using AI tools. -->Read The Docs
- Read The Docs is now live: https://jadx-ai-mcp.readthedocs.io/en/latest/
🤖 What is JADX-AI-MCP?
JADX-AI-MCP is a plugin for the JADX decompiler that integrates directly with Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude.
Think: "Decompile → Context-Aware Code Review → AI Recommendations" — all in real time.
High Level Sequence Diagram
sequenceDiagram
LLM CLIENT->>JADX MCP SERVER: INVOKE MCP TOOL
JADX MCP SERVER->>JADX AI MCP PLUGIN: INVOKE HTTP REQUEST
JADX AI MCP PLUGIN->>REQUEST HANDLERS: INVOKE HTTP REQUEST HANDLER
REQUEST HANDLERS->>JADX GUI: PERFORM ACTION/GATHER DATA
JADX GUI->>REQUEST HANDLERS: ACTION PERFORMED/DATA GATHERED
REQUEST HANDLERS->>JADX AI MCP PLUGIN: CRAFT HTTP RESPONSE
JADX AI MCP PLUGIN->>JADX MCP SERVER:HTTP RESPONSE
JADX MCP SERVER->>LLM CLIENT: MCP TOOL RESULTWatch the demos!
- Perform quick analysis
https://github.com/user-attachments/assets/b65c3041-fde3-4803-8d99-45ca77dbe30a
- Quickly find vulnerabilities
https://github.com/user-attachments/assets/c184afae-3713-4bc0-a1d0-546c1f4eb57f
- Multiple AI Agents Support
https://github.com/user-attachments/assets/6342ea0f-fa8f-44e6-9b3a-4ceb8919a5b0
- Run with your favorite LLM Client
https://github.com/user-attachments/assets/b4a6b280-5aa9-4e76-ac72-a0abec73b809
- Analyze The APK Resources
https://github.com/user-attachments/assets/f42d8072-0e3e-4f03-93ea-121af4e66eb1
- Your AI Assistant during debugging of APK using JADX
https://github.com/user-attachments/assets/2b0bd9b1-95c1-4f32-9b0c-38b864dd6aec
It is combination of two tools:
- JADX-AI-MCP
- JADX MCP SERVER
🤖 What is JADX-MCP-SERVER?
JADX MCP Server is a standalone Python server that interacts with a JADX-AI-MCP plugin (see: jadx-ai-mcp) via MCP (Model Context Protocol). It lets LLMs communicate with the decompiled Android app context live.
Other projects in Zin MCP Suite
Current MCP Tools
The following MCP tools are available:
fetch_current_class()— Get the class name and full source of selected classget_selected_text()— Get currently selected textget_all_classes()— List all classes in the projectget_class_source()— Get full source of a given classget_method_by_name()— Fetch a method's sourcesearch_method_by_name()— Search method across classessearch_classes_by_keyword()— Search for classes whose source code contains a specific keyword (supports pagination)get_methods_of_class()— List methods in a classget_fields_of_class()— List fields in a classget_smali_of_class()— Fetch smali of classget_main_activity_class()— Fetch main activity from jadx mentioned in AndroidManifest.xml file.get_main_application_classes_code()— Fetch all the main application classes' code based on the package name defined in the AndroidManifest.xml.get_main_application_classes_names()— Fetch all the main application classes' names based on the package name defined in the AndroidManifest.xml.get_android_manifest()— Retrieve and return the AndroidManifest.xml content.get_manifest_component- Retrieve specific manifest component instead of whole manifest fileget_strings(): Fetches the strings.xml fileget_all_resource_file_names(): Retrieve all resource files names that exists in applicationget_resource_file(): Retrieve resource file contentrename_class(): Renames the class namerename_method(): Renames the methodrename_field(): Renames the fieldrename_package(): Renames whole packagerename_variable(): Renames the variable within a methoddebug_get_stack_frames(): Get the stack frames from jadx debuggerdebug_get_threads(): Get the insights of threads from jadx debuggerdebug_get_variables(): Get the variables from jadx debuggerxrefs_to_class(): Find all references to a class (returns method-level and class-level references, supports pagination)xrefs_to_method(): Find all references to a method (includes override-related methods, supports pagination)xrefs_to_field(): Find all references to a field (returns methods that access the field, supports pagination)
🗒️ Sample Prompts
🔍 Basic Code Understanding
"Explain what this class does in one paragraph."
"Summarize the responsibilities of this method."
"Is there any obfuscation in this class?"
"List all Android permissions this class might require."🛡️ Vulnerability Detection
"Are there any insecure API usages in this method?"
"Check this class for hardcoded secrets or credentials."
"Does this method sanitize user input before using it?"
"What security vulnerabilities might be introduced by this code?"🛠️ Reverse Engineering Helpers
"Deobfuscate and rename the classes and methods to something readable."
"Can you infer the original purpose of this smali method?"
"What libraries or SDKs does this class appear to be part of?"
"Tell me which classes contains code related to 'encryption'?"📦 Static Analysis
"List all network-related API calls in this class."
"Identify file I/O operations and their potential risks."
"Does this method leak device info or PII?"🤖 AI Code Modification
"Refactor this method to improve readability."
"Add comments to this code explaining each step."
"Rewrite this Java method in Python for analysis."📄 Documentation & Metadata
"Generate Javadoc-style comments for all methods."
"What package or app component does this class likely belong to?"
"Can you identify the Android component type (Activity, Service, etc.)?"🐞 Debugger Assistant
"Fetch stack frames, varirables and threads from debugger and provide summary"
"Based the stack frames from debugger, explain the execution flow of the application"
"Based on the state of variables, is there security threat?"🛠️ Getting Started
1. Download from Releases: https://github.com/zinja-coder/jadx-ai-mcp/releases
[!NOTE]
Download both
jadx-ai-mcp-<version>.jarandjadx-mcp-server-<version>.zipfiles.
# 0. Download the jadx-ai-mcp-<version>.jar and jadx-mcp-server-<version>.zi
…