AI-Augmented Decompilation Toolkit (JADX-MCP)
A specialized JADX plugin augmenting reverse engineering workflows by interfacing with local Large Language Models (LLMs) via the Model Context Protocol (MCP). It enables instantaneous code decompilation review, security posture analysis, and intelligent code enhancement suggestions within the Android analysis environment.
Author

zinja-coder
🤖 Overview: What is JADX-AI-MCP?
JADX-AI-MCP functions as an extension for the premier JADX decompiler, establishing a direct communication channel via the Model Context Protocol (MCP). This linkage delivers dynamic reverse engineering assistance powered by LLMs.
Conceptual Flow: "Decompile → Contextualized Code Audit → Immediate AI Remediation Suggestions"—executed instantaneously.
Explore the capabilities via demonstrations:
- Rapid Structural Assessment
https://github.com/user-attachments/assets/b65c3041-fde3-4803-8d99-45ca77dbe30a
- Swift Vulnerability Identification
https://github.com/user-attachments/assets/c184afae-3713-4bc0-a1d0-546c1f4eb57f
- Support for Plurality of AI Agents
https://github.com/user-attachments/assets/6342ea0f-fa8f-44e6-9b3a-4ceb8919a5b0
- Compatibility with Preferred LLM Frontends
https://github.com/user-attachments/assets/b4a6b280-5aa9-4e76-ac72-a0abec73b809
- Analysis of Packaged Resources (APK Assets)
https://github.com/user-attachments/assets/f42d8072-0e3e-4f03-93ea-121af4e66eb1
This solution is a composite of two main components:
1. The JADX-AI-MCP Plugin
2. The companion JADX MCP SERVER
🤖 JADX-MCP-SERVER Explained
JADX MCP Server is a standalone implementation written in Python, acting as the intermediary between the JADX-AI-MCP plugin and the external LLM system via MCP. It enables generative models to interact dynamically with the decompiled Android application context.
Other Modules in the Zin MCP Suite
Catalog of Available MCP Operations
The following functions are exposed via the Model Context Protocol:
- fetch_current_class(): Retrieve the fully disassembled source and identifier of the currently focused class
- get_selected_text(): Extract the highlighted textual segment from the view
- get_all_classes(): Enumerate all contained class definitions within the project
- get_class_source(): Obtain the complete source code for a specified class identifier
- get_method_by_name(): Fetch the source representation for a method identified by name
- search_method_by_name(): Perform a recursive search for a method signature across all project classes
- get_methods_of_class(): List all defined methods pertaining to a specific class
- get_fields_of_class(): List all member fields within a class structure
- get_smali_of_class(): Retrieve the raw smali assembly representation for a class
- get_main_activity_class(): Identify and return the primary entry point Activity class reference from AndroidManifest.xml
- get_main_application_classes_code(): Fetch source code for all core classes derived from the package name specified in the manifest
- get_main_application_classes_names(): Retrieve identifiers for all core classes based on manifest package configuration
- get_android_manifest(): Access and return the content of AndroidManifest.xml
- get_strings(): Extract content from the strings.xml resource file
- get_all_resource_file_names(): Catalog all existing resource files within the application package
- get_resource_file(): Fetch the raw content of a specified resource file
- rename_class(): Execute a class identifier renaming operation
- rename_method(): Execute a method identifier renaming operation
- rename_field(): Execute a field identifier renaming operation
🗒️ Illustrative Query Examples
🔍 Fundamental Code Comprehension
"Provide a single-paragraph synopsis describing this class's function."
"Condense the core duties handled by this specific routine."
"Analyze this compilation unit for evidence of code obfuscation techniques."
"Detail the necessary Android OS permissions this class implementation likely mandates."
🛡️ Security Posture Evaluation
"Scrutinize this routine for any utilization of insecure API pathways or functions."
"Scan the current file contents for embedded credentials or proprietary secrets."
"Verify whether external inputs are adequately sanitized prior to invocation within this function."
"What potential security exposures could originate from this block of source code?"
🛠️ Reverse Engineering Augmentation
"Undertake deobfuscation and assign meaningful, human-readable identifiers to classes and methods."
"Can you deduce the original intended purpose of this low-level smali block?"
"Identify the integrated external libraries or SDK dependencies evident in this class structure."
📦 Static Application Profiling
"Tabulate all network communication initiation points found within this class structure."
"Pinpoint file system input/output operations and assess their associated risks."
"Does this routine result in the unintentional disclosure of device identifiers or Personally Identifiable Information (PII)?"
🤖 AI-Driven Code Revision
"Restructure this function to enhance maintainability and clarity."
"Annotate this code thoroughly, explaining the purpose of each operational step."
"Translate this Java method logic into an equivalent structure using the Python language for supplementary analysis."
📄 Metadata and Reporting
"Generate comprehensive Javadoc-style documentation for all constituent methods."
"Determine the likely application component hierarchy (package or module) this class contributes to."
"Classify the Android component type (e.g., Activity, Service, BroadcastReceiver, etc.)."
🛠️ Deployment Guide
Step 1: Acquisition from Releases: https://github.com/zinja-coder/jadx-ai-mcp/releases
[!NOTE]
Acquire both the jadx-ai-mcp-<version>.jar plugin file and the jadx-mcp-server-<version>.zip archive.
0. Fetch the necessary artifacts from the releases page
https://github.com/zinja-coder/jadx-ai-mcp/releases
1. Unpack the server component
unzip jadx-ai-mcp-
├jadx-mcp-server/ (The Python backend)
  ├── jadx_mcp.py
  ├── requirements.txt
  ├── README.md
  ├── LICENSE
├jadx-ai-mcp-
2. Install the Extension into JADX
Option A: Automated Installation via CLI (Recommended)
jadx plugins --install "github:zinja-coder:jadx-ai-mcp"
Note: This command fetches and installs the most recent version directly into your JADX environment, potentially negating the need for manual JAR file handling.
Option B: Manual GUI Installation (Refer to visual guides below)
3. Server Environment Setup (If not using automated installation)
3. Transition to the server directory
cd jadx-mcp-server
4. This backend utilizes 'uv' (https://github.com/astral-sh/uv) instead of traditional 'pip' for dependency management.
## a. Install uv if absent
curl -LsSf https://astral.sh/uv/install.sh | sh
## b. (Optional) Create and activate a dedicated virtual environment to mitigate potential environment conflicts
uv venv
source .venv/bin/activate # Use .venv\Scripts\activate on Windows systems
## c. (Optional) Install required packages
uv pip install httpx fastmcp
Setup for both JADX AI MCP plugin and the MCP server backend is now complete.
2. Connecting to Local Models (Ollama) via Zin MCP Client - Preferred Method
⚡ A streamlined, low-overhead, CLI-based MCP Client engineered to interface with STDIO MCP Servers, bridging the gap between your locally hosted LLMs (e.g., via Ollama) and the MCP backends.
Explore it here: https://github.com/zinja-coder/zin-mcp-client
Demo Scenario: Executing a Localized Code Security Audit
https://github.com/user-attachments/assets/4cd26715-b5e6-4b4b-95e4-054de6789f42
🤖 3. Integration with Claude Desktop
Ensure your Claude Desktop client is operational and has MCP enabled.
Configuration example for Debian-based systems: https://github.com/aaddrick/claude-desktop-debian
Modify the MCP configuration file for Claude:
nano ~/.config/Claude/claude_desktop_config.json
File paths vary by OS:
- Windows: %APPDATA%\Claude\claude_desktop_config.json
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Populate it with the following structure, pointing to your local server:
{
"mcpServers": {
"jadx-mcp-server": {
"command": "/
Crucially, replace placeholders:
- path/to/uv: The absolute path to your installed uv binary.
- path/to/jadx-mcp-server: The absolute filesystem path to the cloned server directory.
Alternatively, you can install the server directly as a system executable:
uv tool install git+https://github.com/zinja-coder/jadx-mcp-server
If installed this way, simply reference jadx_mcp_server in the command field of your MCP configuration.
4. Configuration for Cherry Studio
For Cherry Studio integration, define the MCP connection parameters as follows:
- Type: stdio
- command: uv
- argument list: --directory path/to/jadx-mcp-server run jadx_mcp_server.py
- Ensure path/to/jadx-mcp-server is the full, absolute path to your repository clone.
5. Utilizing LMStudio
LMStudio also supports integration with the JADX AI MCP Server via its mcp.json configuration file. A detailed video walkthrough is available here:
https://github.com/user-attachments/assets/b4a6b280-5aa9-4e76-ac72-a0abec73b809
6. Activation in HTTP Streaming Mode
The server can be launched to communicate over HTTP instead of STDIN/STDOUT by utilizing the --http flag with the Python script:
uv run jadx_mcp_server.py --http
OR (to specify a non-default port)
uv run jadx_mcp_server.py --http --port 9999
7. Custom Port Configuration for JADX AI MCP Plugin Communication
- Port Specification: Configure the network endpoint the JADX AI MCP Plugin should utilize for its calls.
- Default Reset: Revert to the standard communication port settings.
- Server Reinitialization: Trigger a forced restart of the JADX AI MCP Plugin server process.
- Status Check: Verify the operational status of the JADX AI MCP Plugin server.
To connect the server component to a JADX plugin instance running on a non-standard port (e.g., 8652), employ the --jadx-port flag:
uv run jadx_mcp_server.py --jadx-port 8652
The corresponding MCP configuration block for Claude, using this custom port, would resemble:
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "/path/to/uv",
      "args": [
        "--directory",
        "/path/to/jadx-mcp-server/",
        "run",
        "jadx_mcp_server.py",
        "--jadx-port",
        "8652"
      ]
    }
  }
}
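A pre-flight check for the configuration entries above, as an added example that is not part of the JADX-AI-MCP project: it flags unreplaced path/to placeholders, relative paths and an out-of-range --jadx-port before the MCP client launches the server. The function names and the install locations in FIXED_CONFIG are assumptions made for illustration.

```python
import json
import ntpath
import posixpath

# Config as shown on the page (placeholders still in place).
PAGE_CONFIG = """{"mcpServers": {"jadx-mcp-server": {"command": "/path/to/uv",
  "args": ["--directory", "/path/to/jadx-mcp-server/", "run",
           "jadx_mcp_server.py", "--jadx-port", "8652"]}}}"""
# Constructed sample: the install locations below are assumptions.
FIXED_CONFIG = PAGE_CONFIG.replace("/path/to/uv", "/home/analyst/.local/bin/uv") \
                          .replace("/path/to/jadx-mcp-server/", "/opt/jadx-mcp-server/")


def _is_abs(path):
    # The same file format is used on Linux, macOS and Windows.
    return posixpath.isabs(path) or ntpath.isabs(path)


def _value_after(args, flag):
    """Return the argument following flag, or None if nothing follows it."""
    i = args.index(flag)
    return args[i + 1] if i + 1 < len(args) else None


def check_entry(config_text, name="jadx-mcp-server"):
    """Return a list of problems in the named mcpServers entry (empty = OK)."""
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    servers = cfg.get("mcpServers") if isinstance(cfg, dict) else None
    entry = servers.get(name) if isinstance(servers, dict) else None
    if not isinstance(entry, dict):
        return [f"missing mcpServers.{name}"]
    command = str(entry.get("command", ""))
    args = [str(a) for a in (entry.get("args") or [])]
    problems = []
    for label, value in [("command", command)] + [(f"args[{i}]", a) for i, a in enumerate(args)]:
        if "path/to/" in value:
            problems.append(f"{label}: placeholder not replaced ({value})")
    # A bare name (uv, jadx_mcp_server) is resolved via PATH; a path must be absolute.
    if not command:
        problems.append("command: empty")
    elif ("/" in command or "\\" in command) and not _is_abs(command):
        problems.append(f"command: relative path ({command})")
    if "--directory" in args:
        directory = _value_after(args, "--directory")
        if directory is None or not _is_abs(directory):
            problems.append("--directory: needs an absolute path")
    if "--jadx-port" in args:
        port = _value_after(args, "--jadx-port")
        if port is None or not port.isdecimal() or not 1 <= int(port) <= 65535:
            problems.append(f"--jadx-port: not a valid TCP port ({port})")
    return problems
```

Pass the contents of claude_desktop_config.json to check_entry(); an empty list means the entry passed every check.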
Give it a Try
- Launch JADX-GUI and load any target .apk file.
- Initiate the configured LLM interface (e.g., Claude) – a recognized interaction icon (like a hammer) should appear.
- Select the interaction icon to expose the command interface.
- Submit a command, for example: "fetch currently selected class and perform quick sast on it"
- Grant necessary permissions when the prompt appears.
- Success! You now have AI-driven insights directly integrated.
This extension grants comprehensive mastery over the GUI and the internal data model of JADX, enabling profound LLM integration, including:
- Exporting the active class context to the MCP stream
- Executing automated analysis routines via Claude
- Receiving suggested modifications or annotations inline
🛣️ Planned Enhancements (Roadmap)
- [x] Integration of apktool functionality
- [ ] Implementation of support for Hermes bytecode (React Native applications)
- [ ] Expansion of available, useful MCP Tool functions
- [ ] Enabling LLMs to propose and implement code modifications directly within JADX
- [ ] Incorporating prompt templating and granting LLMs read access to APK file resources for richer context
- [x] Development of the dedicated MCP Client for localized LLM orchestration
- [ ] Ultimate Vision: Unify all disparate Android reverse engineering and APK modification utilities under a singular MCP server framework, aiming to simplify APK analysis to an intuitive, AI-guided process.
NOTE For Contributors
- JADX-AI-MCP specific source files are located within this repository.
- Source files for the jadx-mcp-server backend are maintained in a separate location: here.
Reporting Issues and Feedback
- For bug reports, feature requests, performance concerns, or general inquiries, please utilize the dedicated issue tracker with the appropriate template.
- Currently validated extensively with the Claude Desktop Client; support for alternative AI platforms is under continuous testing!
🙏 Acknowledgment
This tool owes its foundation to JADX, an exceptional open-source Android decompiler created and sustained by @skylot. The core decompilation engine is entirely their contribution. My work has focused on extending this base to facilitate MCP server communication for AI augmentation.
The original JADX README.md is retained in this project for attribution and reference.
Deep gratitude to @aaddrick for engineering the Claude desktop environment for Linux distributions based on Debian.
Finally, thanks to @anthropics for conceptualizing the Model Context Protocol, and to the @FastMCP team for their SDK development.
We also extend significant appreciation to all open-source projects whose dependencies made the creation of this utility possible.
📄 Licensing
JADX-AI-MCP and all associated projects inherit the Apache 2.0 License framework from the original JADX distribution.
⚖️ Legal Mandate
Warning
The utilities named jadx-ai-mcp and jadx_mcp_server are strictly designated for academic study, technical research, and authorized ethical security evaluations. They are provided strictly "as is," without any explicit or implied guarantees. Users bear the sole responsibility for ensuring their utilization of these tools adheres to all relevant statutory requirements, regulatory frameworks, and professional ethical codes.
By engaging with jadx-ai-mcp or jadx_mcp_server, you covenant to employ these tools exclusively within domains for which you possess explicit testing authorization, such as applications under your ownership or explicit contractual permission. Unauthorized application of these tools for reverse engineering, intellectual property infringement, or illicit purposes is expressly forbidden.
The creators of jadx-ai-mcp and jadx_mcp_server disclaim liability for any resulting damages, data loss, judicial ramifications, or adverse outcomes stemming from the deployment or inappropriate use of these instruments. Users fully accept accountability for their operational choices and any repercussions arising from their deployment.
Operate ethically. Safeguard proprietary information. Adhere to recognized ethical penetration testing standards.
🙌 Participation and Support
- Found this repository valuable? Show appreciation with a ⭐️
- Have innovative concepts? Initiate a new issue or propose a Pull Request (PR)
- Developed something utilizing this? Notify me or reference this project — I will feature it in the README!
- Appreciate the maintenance effort? Consider sponsoring this continuous development.
Constructed with dedication for the synergy between reverse engineering practitioners and artificial intelligence advancements.