jadx-ai-mcp MCP — Anwendungsfälle, Installieren & Live-Demo

Name: jadx-ai-mcp MCP Server
Author: zinja-coder

Warum nutzen

Hauptfunktionen

25+ MCP tools for Android APK analysis, refactoring, and debugging
Real-time decompiled code access with AI recommendations
Cross-reference tracking for classes, methods, and fields with pagination
Code refactoring: rename classes, methods, fields, packages, and variables
Debugger integration with stack frames, threads, and variable inspection

Live-Demo

In der Praxis

jadx-ai-mcp.replay ▶ bereit

0/0

Installieren

Wählen Sie Ihren Client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  }
}

Öffne Claude Desktop → Settings → Developer → Edit Config. Nach dem Speichern neu starten.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  }
}

Cursor nutzt das gleiche mcpServers-Schema wie Claude Desktop. Projektkonfiguration schlägt die globale.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  }
}

Klicken Sie auf das MCP-Servers-Symbol in der Cline-Seitenleiste, dann "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  }
}

Gleiche Struktur wie Claude Desktop. Windsurf neu starten zum Übernehmen.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "jadx-ai-mcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  ]
}

Continue nutzt ein Array von Serverobjekten statt einer Map.

~/.config/zed/settings.json

{
  "context_servers": {
    "jadx-ai-mcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/zinja-coder/jadx-ai-mcp"
        ]
      }
    }
  }
}

In context_servers hinzufügen. Zed lädt beim Speichern neu.

claude mcp add jadx-ai-mcp -- TODO 'See README: https://github.com/zinja-coder/jadx-ai-mcp'

Einzeiler. Prüfen mit claude mcp list. Entfernen mit claude mcp remove.

Anwendungsfälle

Praxisnahe Nutzung: jadx-ai-mcp

How to analyze an Android APK with AI assistance using JADX

👤 Mobile security researchers analyzing APKs they have authorization to test ⏱ ~45 min intermediate

Wann einsetzen: You have an APK to analyze and want AI to help understand its behavior.

Voraussetzungen

JADX with jadx-ai-mcp plugin — jadx plugins --install 'github:zinja-coder:jadx-ai-mcp'
JADX MCP Server running — Set up the Python MCP server with uv

Ablauf

Check the manifest

Get the AndroidManifest.xml. What permissions does this app request and what components (activities, services, receivers) does it declare?✓ Kopiert

→ Parsed manifest with permission analysis
Find interesting classes

Search for classes related to network communication or encryption. List them with their methods.✓ Kopiert

→ Filtered class list with method signatures
Analyze and rename

Get the source code of the main network class. Rename obfuscated methods to descriptive names based on their behavior.✓ Kopiert

→ Decompiled code with meaningful names applied

Ergebnis: An annotated view of the APK with key functionality understood and obfuscation partially reversed.

Fallstricke

Heavily obfuscated apps resist decompilation — Use get_smali_of_class for bytecode-level analysis when decompilation fails

Kombinieren mit: filesystem

Debug an Android app with AI-assisted breakpoint analysis

👤 Android developers and security researchers debugging app behavior ⏱ ~30 min advanced

Wann einsetzen: You need to understand runtime behavior that isn't clear from static analysis.

Voraussetzungen

JADX configured for debugging — Connect JADX debugger to a running Android app or emulator

Ablauf

Set breakpoints and inspect

I'm debugging the login flow. Show me the current stack frames and local variables at the authentication method.✓ Kopiert

→ Stack trace with variable values at the breakpoint

Ergebnis: Runtime understanding of app behavior at critical code points.

Fallstricke

App detects debugger and exits — Look for anti-debugging checks in the code and bypass them before attaching

Kombinationen

Mit anderen MCPs für 10-fache Wirkung

jadx-ai-mcp + filesystem

Export decompiled and annotated code for documentation

Export the decompiled source of the authentication module and save it to ~/analysis/auth-module.java.✓ Kopiert

Werkzeuge

Was dieses MCP bereitstellt

Werkzeug	Eingaben	Wann aufrufen
fetch_current_class	none	Get the currently selected class source code
search_classes_by_keyword	keyword: str	Find classes matching a keyword
get_android_manifest	none	Retrieve the AndroidManifest.xml
rename_class	old_name: str, new_name: str	Rename an obfuscated class
xrefs_to_method	class_name: str, method_name: str	Find all references to a method
get_smali_of_class	class_name: str	Get Dalvik bytecode (smali) for a class
debug_get_stack_frames	none	Get current debugger stack frames

Kosten & Limits

Was der Betrieb kostet

API-Kontingent: N/A — fully local
Tokens pro Aufruf: 200–2000 tokens per tool call
Kosten in €: Free — both JADX and the plugin are open source
Tipp: Use search_classes_by_keyword to narrow targets before fetching full class sources.

Sicherheit

Rechte, Secrets, Reichweite

Credential-Speicherung: N/A

Datenabfluss: All analysis is local. No network calls from the MCP server.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
Only analyze APKs you have legal right to reverse engineer.

Fehlerbehebung

Häufige Fehler und Lösungen

Plugin not loading in JADX

Ensure JADX version is compatible. Try reinstalling with: jadx plugins --install 'github:zinja-coder:jadx-ai-mcp'

Prüfen: jadx plugins --list

MCP server connection failed

Ensure the JADX MCP Server is running and the port matches your client config.

Prüfen: Check the server terminal for startup messages

Class not found in search

Obfuscated names may not match your search. Try broader patterns or search by method signatures.

Prüfen: get_all_classes to see available class names

Alternativen

jadx-ai-mcp vs. andere

Alternative	Wann stattdessen	Kompromiss
jadx-mcp-server	You only need the MCP server component without the JADX plugin	Server-only — still needs the jadx-ai-mcp plugin in JADX
GhidrAssistMCP	You want to analyze native binaries rather than Android Dalvik bytecode	Native binary focus vs Android-specific tools

Mehr

Ressourcen

📖 Offizielle README auf GitHub lesen

🐙 Offene Issues ansehen

🔍 Alle 400+ MCP-Server und Skills durchsuchen