/ 目录 / 演练场 / jadx-mcp-server
← 全部服务器 ↗ GitHub
● 社区 zinja-coder ⚡ 即开即用

jadx-mcp-server

作者 zinja-coder · zinja-coder/jadx-mcp-server

Python MCP server for JADX — enables AI assistants to analyze, search, rename, and debug decompiled Android APKs.

jadx-mcp-server is the Python MCP server component that bridges LLMs like Claude with a JADX instance running the jadx-ai-mcp plugin. It provides 25+ tools for Android APK analysis including class/method browsing, manifest inspection, string resource access, cross-reference lookup, variable renaming, and debugger integration. Supports both stdio and HTTP transport.

▶ 观看演示 📦 安装 💡 使用场景

为什么要用

核心特性

实时演示

实际使用效果

jadx-mcp-server.replay ▶ 就绪
0/0

安装

选择你的客户端

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

打开 Claude Desktop → Settings → Developer → Edit Config。保存后重启应用。

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Cursor 使用与 Claude Desktop 相同的 mcpServers 格式。项目级配置优先于全局。

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

点击 Cline 侧栏中的 MCP Servers 图标,然后选 "Edit Configuration"。

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

格式与 Claude Desktop 相同。重启 Windsurf 生效。

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "jadx-mcp-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  ]
}

Continue 使用服务器对象数组,而非映射。

~/.config/zed/settings.json
{
  "context_servers": {
    "jadx-mcp-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/zinja-coder/jadx-mcp-server"
        ]
      }
    }
  }
}

加入 context_servers。Zed 保存后热重载。

claude mcp add jadx-mcp-server -- TODO 'See README: https://github.com/zinja-coder/jadx-mcp-server'

一行命令搞定。用 claude mcp list 验证,claude mcp remove 卸载。

使用场景

实战用法: jadx-mcp-server

How to perform a security audit on an Android APK with JADX MCP

👤 Security auditors reviewing Android applications they are authorized to test ⏱ ~60 min intermediate

何时使用: You need to review an APK for security vulnerabilities.

前置条件
  • JADX with jadx-ai-mcp plugin running with target APK loaded — Install plugin and open the APK in JADX-GUI
  • jadx-mcp-server running — uv run jadx_mcp_server.py
步骤
  1. Check manifest for issues
    Get the AndroidManifest.xml. Check for exported components, dangerous permissions, and debug flags.✓ 已复制
    → Security findings from manifest analysis
  2. Search for insecure patterns
    Search for classes that use SharedPreferences, Log.d, or hardcoded URLs. Are there any credentials stored in plain text?✓ 已复制
    → List of potential security issues with code locations

结果: A security assessment report with specific code-level findings.

注意事项
  • ProGuard-obfuscated code is hard to follow — Use rename_variable and rename_class to deobfuscate as you analyze
搭配使用: filesystem

组合

与其他 MCP 搭配,撬动十倍杠杆

jadx-mcp-server + filesystem

Save security findings and annotated code to report files

Compile all security findings into a report and save to ~/audits/app-audit.md.✓ 已复制

工具

此 MCP 暴露的能力

工具输入参数何时调用成本
fetch_current_class none Get source code of the class selected in JADX 0
get_all_classes none List all classes in the APK 0
search_classes_by_keyword keyword: str Search for classes by keyword 0
get_android_manifest none Get the AndroidManifest.xml 0
xrefs_to_method class: str, method: str Find cross-references to a method 0
rename_variable class: str, old: str, new: str Rename a variable for deobfuscation 0

成本与限制

运行它的成本

API 配额
N/A — fully local
每次调用 Token 数
200–2000 tokens per tool call
费用
Free
提示
Use search before fetching full class sources to minimize output.

安全

权限、密钥、影响范围

凭据存储: N/A
数据出站: All analysis is local

故障排查

常见错误与修复

Server can't connect to JADX

Ensure JADX-GUI is running with the jadx-ai-mcp plugin enabled and an APK is loaded.

验证: Check JADX-GUI for the plugin status indicator
uv not found

Install the uv package manager: curl -LsSf https://astral.sh/uv/install.sh | sh

验证: uv --version
Empty class list

Make sure an APK file is actually loaded in JADX before connecting.

验证: Open an APK in JADX-GUI first

替代方案

jadx-mcp-server 对比其他方案

替代方案何时用它替代权衡
jadx-ai-mcp (plugin)You want the complete plugin+server setup as a single packageThis is the server component — you need both the plugin and server

更多

资源

📖 阅读 GitHub 上的官方 README

🐙 查看未解决的 issue

🔍 浏览全部 400+ MCP 服务器和 Skills