/ Каталог / Песочница / jadx-ai-mcp
← Все серверы ↗ GitHub
● Сообщество zinja-coder ⚡ Сразу

jadx-ai-mcp

автор zinja-coder · zinja-coder/jadx-ai-mcp

JADX plugin for AI-powered Android APK analysis — decompile, search, rename, debug, and trace xrefs with LLM assistance.

jadx-ai-mcp is a JADX decompiler plugin that integrates with MCP to enable AI-assisted Android APK reverse engineering. It provides 25+ tools for code analysis (class/method browsing, smali access), resource inspection (AndroidManifest, strings), refactoring (rename classes, methods, fields, variables), debugging (stack frames, threads, variables), and cross-reference tracking. Works with Claude Desktop, Cherry Studio, and other MCP clients.

▶ Смотреть демо 📦 Установить 💡 Сценарии

Зачем использовать

Ключевые функции

Живое демо

Как выглядит на практике

jadx-ai-mcp.replay ▶ готово
0/0

Установка

Выберите клиент

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  }
}

Откройте Claude Desktop → Settings → Developer → Edit Config. Перезапустите после сохранения.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  }
}

Cursor использует ту же схему mcpServers, что и Claude Desktop. Конфиг проекта приоритетнее глобального.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  }
}

Щёлкните значок MCP Servers на боковой панели Cline, затем "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "jadx-ai-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  }
}

Тот же формат, что и Claude Desktop. Перезапустите Windsurf для применения.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "jadx-ai-mcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-ai-mcp"
      ]
    }
  ]
}

Continue использует массив объектов серверов, а не map.

~/.config/zed/settings.json
{
  "context_servers": {
    "jadx-ai-mcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/zinja-coder/jadx-ai-mcp"
        ]
      }
    }
  }
}

Добавьте в context_servers. Zed перезагружается автоматически.

claude mcp add jadx-ai-mcp -- TODO 'See README: https://github.com/zinja-coder/jadx-ai-mcp'

Однострочная команда. Проверить: claude mcp list. Удалить: claude mcp remove.

Сценарии использования

Реальные сценарии: jadx-ai-mcp

How to analyze an Android APK with AI assistance using JADX

👤 Mobile security researchers analyzing APKs they have authorization to test ⏱ ~45 min intermediate

Когда использовать: You have an APK to analyze and want AI to help understand its behavior.

Предварительные требования
  • JADX with jadx-ai-mcp plugin — jadx plugins --install 'github:zinja-coder:jadx-ai-mcp'
  • JADX MCP Server running — Set up the Python MCP server with uv
Поток
  1. Check the manifest
    Get the AndroidManifest.xml. What permissions does this app request and what components (activities, services, receivers) does it declare?✓ Скопировано
    → Parsed manifest with permission analysis
  2. Find interesting classes
    Search for classes related to network communication or encryption. List them with their methods.✓ Скопировано
    → Filtered class list with method signatures
  3. Analyze and rename
    Get the source code of the main network class. Rename obfuscated methods to descriptive names based on their behavior.✓ Скопировано
    → Decompiled code with meaningful names applied

Итог: An annotated view of the APK with key functionality understood and obfuscation partially reversed.

Подводные камни
  • Heavily obfuscated apps resist decompilation — Use get_smali_of_class for bytecode-level analysis when decompilation fails
Сочетать с: filesystem

Debug an Android app with AI-assisted breakpoint analysis

👤 Android developers and security researchers debugging app behavior ⏱ ~30 min advanced

Когда использовать: You need to understand runtime behavior that isn't clear from static analysis.

Предварительные требования
  • JADX configured for debugging — Connect JADX debugger to a running Android app or emulator
Поток
  1. Set breakpoints and inspect
    I'm debugging the login flow. Show me the current stack frames and local variables at the authentication method.✓ Скопировано
    → Stack trace with variable values at the breakpoint

Итог: Runtime understanding of app behavior at critical code points.

Подводные камни
  • App detects debugger and exits — Look for anti-debugging checks in the code and bypass them before attaching

Комбинации

Сочетайте с другими MCP — эффект x10

jadx-ai-mcp + filesystem

Export decompiled and annotated code for documentation

Export the decompiled source of the authentication module and save it to ~/analysis/auth-module.java.✓ Скопировано

Инструменты

Что предоставляет этот MCP

ИнструментВходные данныеКогда вызыватьСтоимость
fetch_current_class none Get the currently selected class source code 0
search_classes_by_keyword keyword: str Find classes matching a keyword 0
get_android_manifest none Retrieve the AndroidManifest.xml 0
rename_class old_name: str, new_name: str Rename an obfuscated class 0
xrefs_to_method class_name: str, method_name: str Find all references to a method 0
get_smali_of_class class_name: str Get Dalvik bytecode (smali) for a class 0
debug_get_stack_frames none Get current debugger stack frames 0

Стоимость и лимиты

Во что обходится

Квота API
N/A — fully local
Токенов на вызов
200–2000 tokens per tool call
Деньги
Free — both JADX and the plugin are open source
Совет
Use search_classes_by_keyword to narrow targets before fetching full class sources.

Безопасность

Права, секреты, радиус поражения

Хранение учётных данных: N/A
Исходящий трафик: All analysis is local. No network calls from the MCP server.

Устранение неполадок

Частые ошибки и исправления

Plugin not loading in JADX

Ensure JADX version is compatible. Try reinstalling with: jadx plugins --install 'github:zinja-coder:jadx-ai-mcp'

Проверить: jadx plugins --list
MCP server connection failed

Ensure the JADX MCP Server is running and the port matches your client config.

Проверить: Check the server terminal for startup messages
Class not found in search

Obfuscated names may not match your search. Try broader patterns or search by method signatures.

Проверить: get_all_classes to see available class names

Альтернативы

jadx-ai-mcp в сравнении

АльтернативаКогда использоватьКомпромисс
jadx-mcp-serverYou only need the MCP server component without the JADX pluginServer-only — still needs the jadx-ai-mcp plugin in JADX
GhidrAssistMCPYou want to analyze native binaries rather than Android Dalvik bytecodeNative binary focus vs Android-specific tools

Ещё

Ресурсы

📖 Читать официальный README на GitHub

🐙 Открытые задачи

🔍 Все 400+ MCP-серверов и Skills