/ Annuaire / Playground / jadx-mcp-server
← Tous les serveurs ↗ GitHub
● Communauté zinja-coder ⚡ Instantané

jadx-mcp-server

par zinja-coder · zinja-coder/jadx-mcp-server

Python MCP server for JADX — enables AI assistants to analyze, search, rename, and debug decompiled Android APKs.

jadx-mcp-server is the Python MCP server component that bridges LLMs like Claude with a JADX instance running the jadx-ai-mcp plugin. It provides 25+ tools for Android APK analysis including class/method browsing, manifest inspection, string resource access, cross-reference lookup, variable renaming, and debugger integration. Supports both stdio and HTTP transport.

▶ Voir la démo 📦 Installer 💡 Cas d'usage

Pourquoi l'utiliser

Fonctionnalités clés

Démo en direct

Aperçu en pratique

jadx-mcp-server.replay ▶ prêt
0/0

Installer

Choisissez votre client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Ouvrez Claude Desktop → Settings → Developer → Edit Config. Redémarrez après avoir enregistré.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Cursor utilise le même schéma mcpServers que Claude Desktop. La config projet l'emporte sur la globale.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Cliquez sur l'icône MCP Servers dans la barre latérale Cline, puis "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Même format que Claude Desktop. Redémarrez Windsurf pour appliquer.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "jadx-mcp-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  ]
}

Continue utilise un tableau d'objets serveur plutôt qu'une map.

~/.config/zed/settings.json
{
  "context_servers": {
    "jadx-mcp-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/zinja-coder/jadx-mcp-server"
        ]
      }
    }
  }
}

Ajoutez dans context_servers. Zed recharge à chaud à la sauvegarde.

claude mcp add jadx-mcp-server -- TODO 'See README: https://github.com/zinja-coder/jadx-mcp-server'

Une seule ligne. Vérifiez avec claude mcp list. Supprimez avec claude mcp remove.

Cas d'usage

Usages concrets : jadx-mcp-server

How to perform a security audit on an Android APK with JADX MCP

👤 Security auditors reviewing Android applications they are authorized to test ⏱ ~60 min intermediate

Quand l'utiliser : You need to review an APK for security vulnerabilities.

Prérequis
  • JADX with jadx-ai-mcp plugin running with target APK loaded — Install plugin and open the APK in JADX-GUI
  • jadx-mcp-server running — uv run jadx_mcp_server.py
Déroulement
  1. Check manifest for issues
    Get the AndroidManifest.xml. Check for exported components, dangerous permissions, and debug flags.✓ Copié
    → Security findings from manifest analysis
  2. Search for insecure patterns
    Search for classes that use SharedPreferences, Log.d, or hardcoded URLs. Are there any credentials stored in plain text?✓ Copié
    → List of potential security issues with code locations

Résultat : A security assessment report with specific code-level findings.

Pièges
  • ProGuard-obfuscated code is hard to follow — Use rename_variable and rename_class to deobfuscate as you analyze
Combiner avec : filesystem

Combinaisons

Associez-le à d'autres MCPs pour un effet X10

jadx-mcp-server + filesystem

Save security findings and annotated code to report files

Compile all security findings into a report and save to ~/audits/app-audit.md.✓ Copié

Outils

Ce que ce MCP expose

OutilEntréesQuand appelerCoût
fetch_current_class none Get source code of the class selected in JADX 0
get_all_classes none List all classes in the APK 0
search_classes_by_keyword keyword: str Search for classes by keyword 0
get_android_manifest none Get the AndroidManifest.xml 0
xrefs_to_method class: str, method: str Find cross-references to a method 0
rename_variable class: str, old: str, new: str Rename a variable for deobfuscation 0

Coût et limites

Coût d'exécution

Quota d'API
N/A — fully local
Tokens par appel
200–2000 tokens per tool call
Monétaire
Free
Astuce
Use search before fetching full class sources to minimize output.

Sécurité

Permissions, secrets, portée

Stockage des identifiants : N/A
Sortie de données : All analysis is local

Dépannage

Erreurs courantes et correctifs

Server can't connect to JADX

Ensure JADX-GUI is running with the jadx-ai-mcp plugin enabled and an APK is loaded.

Vérifier : Check JADX-GUI for the plugin status indicator
uv not found

Install the uv package manager: curl -LsSf https://astral.sh/uv/install.sh | sh

Vérifier : uv --version
Empty class list

Make sure an APK file is actually loaded in JADX before connecting.

Vérifier : Open an APK in JADX-GUI first

Alternatives

jadx-mcp-server vs autres

AlternativeQuand l'utiliserCompromis
jadx-ai-mcp (plugin)You want the complete plugin+server setup as a single packageThis is the server component — you need both the plugin and server

Plus

Ressources

📖 Lire le README officiel sur GitHub

🐙 Voir les issues ouvertes

🔍 Parcourir les 400+ serveurs MCP et Skills