/ 目錄 / 演練場 / jadx-mcp-server
← 全部伺服器 ↗ GitHub
● 社群 zinja-coder ⚡ 即開即用

jadx-mcp-server

作者 zinja-coder · zinja-coder/jadx-mcp-server

Python MCP server for JADX — enables AI assistants to analyze, search, rename, and debug decompiled Android APKs.

jadx-mcp-server is the Python MCP server component that bridges LLMs like Claude with a JADX instance running the jadx-ai-mcp plugin. It provides 25+ tools for Android APK analysis including class/method browsing, manifest inspection, string resource access, cross-reference lookup, variable renaming, and debugger integration. Supports both stdio and HTTP transport.

▶ 觀看演示 📦 安裝 💡 使用場景

為什麼要用

核心特性

即時演示

實際使用效果

jadx-mcp-server.replay ▶ 就緒
0/0

安裝

選擇你的客戶端

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

開啟 Claude Desktop → Settings → Developer → Edit Config。儲存後重啟應用。

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Cursor 使用與 Claude Desktop 相同的 mcpServers 格式。專案級設定優先於全域。

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

點擊 Cline 側欄中的 MCP Servers 圖示,然後選 "Edit Configuration"。

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

格式與 Claude Desktop 相同。重啟 Windsurf 生效。

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "jadx-mcp-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  ]
}

Continue 使用伺服器物件陣列,而非映射。

~/.config/zed/settings.json
{
  "context_servers": {
    "jadx-mcp-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/zinja-coder/jadx-mcp-server"
        ]
      }
    }
  }
}

加入 context_servers。Zed 儲存後熱重載。

claude mcp add jadx-mcp-server -- TODO 'See README: https://github.com/zinja-coder/jadx-mcp-server'

一行命令搞定。用 claude mcp list 驗證,claude mcp remove 移除。

使用場景

實戰用法: jadx-mcp-server

How to perform a security audit on an Android APK with JADX MCP

👤 Security auditors reviewing Android applications they are authorized to test ⏱ ~60 min intermediate

何時使用: You need to review an APK for security vulnerabilities.

前置條件
  • JADX with jadx-ai-mcp plugin running with target APK loaded — Install plugin and open the APK in JADX-GUI
  • jadx-mcp-server running — uv run jadx_mcp_server.py
步驟
  1. Check manifest for issues
    Get the AndroidManifest.xml. Check for exported components, dangerous permissions, and debug flags.✓ 已複製
    → Security findings from manifest analysis
  2. Search for insecure patterns
    Search for classes that use SharedPreferences, Log.d, or hardcoded URLs. Are there any credentials stored in plain text?✓ 已複製
    → List of potential security issues with code locations

結果: A security assessment report with specific code-level findings.

注意事項
  • ProGuard-obfuscated code is hard to follow — Use rename_variable and rename_class to deobfuscate as you analyze
搭配使用: filesystem

組合

與其他 MCP 搭配,撬動十倍槓桿

jadx-mcp-server + filesystem

Save security findings and annotated code to report files

Compile all security findings into a report and save to ~/audits/app-audit.md.✓ 已複製

工具

此 MCP 暴露的能力

工具輸入參數何時呼叫成本
fetch_current_class none Get source code of the class selected in JADX 0
get_all_classes none List all classes in the APK 0
search_classes_by_keyword keyword: str Search for classes by keyword 0
get_android_manifest none Get the AndroidManifest.xml 0
xrefs_to_method class: str, method: str Find cross-references to a method 0
rename_variable class: str, old: str, new: str Rename a variable for deobfuscation 0

成本與限制

運行它的成本

API 配額
N/A — fully local
每次呼叫 Token 數
200–2000 tokens per tool call
費用
Free
提示
Use search before fetching full class sources to minimize output.

安全

權限、密鑰、影響範圍

憑證儲存: N/A
資料出站: All analysis is local

故障排查

常見錯誤與修復

Server can't connect to JADX

Ensure JADX-GUI is running with the jadx-ai-mcp plugin enabled and an APK is loaded.

驗證: Check JADX-GUI for the plugin status indicator
uv not found

Install the uv package manager: curl -LsSf https://astral.sh/uv/install.sh | sh

驗證: uv --version
Empty class list

Make sure an APK file is actually loaded in JADX before connecting.

驗證: Open an APK in JADX-GUI first

替代方案

jadx-mcp-server 對比其他方案

替代方案何時用它替代權衡
jadx-ai-mcp (plugin)You want the complete plugin+server setup as a single packageThis is the server component — you need both the plugin and server

更多

資源

📖 閱讀 GitHub 上的官方 README

🐙 查看未解決的 issue

🔍 瀏覽全部 400+ MCP 伺服器和 Skills