jadx-ai-mcp takes the traditional static reverse engineering workflow and injects AI assistance directly into it. By combining a JADX decompiler plugin written in Java with a standalone Python MCP server, it enables large language models such as Claude to interactively inspect, rename, and debug Android APK code live — all within the decompiler environment.
what jadx-ai-mcp does and how it works
At its core, jadx-ai-mcp is a two-part system designed to bridge JADX, a popular open-source Android APK decompiler, with AI-powered analysis via the Model Context Protocol (MCP). MCP is a protocol that allows AI clients to communicate with external tools and services in a standardized way.
The first part is a Java-based plugin for JADX. This plugin extends JADX’s capabilities by exposing around 30 MCP tools that cover a wide range of APK reverse engineering tasks. These tools include class, method, and field inspection, retrieval of smali code (the human-readable Android bytecode format), parsing AndroidManifest files, accessing resource files, renaming symbols, inspecting debugger state, and tracking cross-references within the APK.
The second part is a standalone Python MCP server. This server acts as the bridge between the JADX plugin and AI clients such as Claude Desktop or Cherry Studio. Communication between the plugin and the MCP server happens over HTTP, while the MCP server then exposes a standard input/output (stdio) based MCP interface compatible with various MCP clients.
This design allows an AI assistant to interact with the decompiled APK in real time, issuing commands to inspect code, rename variables, or query debugger state. The AI can effectively participate in the reverse engineering process with a level of automation and insight not typically available in traditional static analysis tools.
jadx-ai-mcp is part of the broader Zin MCP Suite, which includes related projects like APKTool-MCP-Server and ZIN-MCP-Client, aimed at building AI-augmented workflows for security research and vulnerability detection.
technical strengths and design tradeoffs
One of the defining technical strengths of jadx-ai-mcp is the breadth and depth of MCP tools exposed through the JADX plugin. Covering roughly 30 distinct operations, these tools provide granular access to APK internals, allowing AI clients to perform detailed code inspection and manipulation.
The architecture cleverly separates concerns: JADX handles static decompilation and local APK parsing, while the Python MCP server implements the MCP protocol and manages communication with AI clients. This separation allows each component to focus on its core competency — Java for deep integration with JADX, and Python for flexible MCP server implementation.
Using HTTP for plugin-server communication and stdio for server-client communication is a practical choice that enables compatibility with various clients and simplifies integration. However, this also introduces latency and complexity in synchronization, especially when dealing with live debugging or symbol renaming.
The code quality appears pragmatic, balancing extensibility with the constraints of working within JADX’s plugin framework and the MCP ecosystem. The tradeoff is that setting up and operating this system requires familiarity with both Java and Python environments, as well as understanding MCP configuration.
Since this is aimed at security researchers and reverse engineers, the tool assumes a certain level of expertise. The interactive AI integration is powerful but relies on MCP-enabled AI clients and proper configuration, which may limit out-of-the-box usability.
quick start
1. download from releases
Download both the jadx-ai-mcp-.jar plugin and the jadx-mcp-server-.zip from the official releases page:
https://github.com/zinja-coder/jadx-ai-mcp/releases
2. install and configure
The latest version of the plugin can be installed directly into JADX without downloading the .jar separately.
3. use with Claude Desktop
Make sure Claude Desktop is running with MCP enabled. On Kali Linux, for example, you can use the Debian package from https://github.com/aaddrick/claude-desktop-debian.
Configure the MCP server in Claude Desktop by editing the MCP configuration file:
nano ~/.config/Claude/claude_desktop_config.json
For Windows and macOS, the config path differs:
- Windows:
%APPDATA%\Claude\claude_desktop_config.json - macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
Add the following JSON configuration, replacing the paths to your uv executable and the MCP server directory:
{
"mcpServers": {
"jadx-mcp-server": {
"command": "/<path>/<to>/uv",
"args": [
"--directory",
"</PATH/TO/>jadx-mcp-server/",
"run",
"jadx_mcp_server.py"
]
}
}
}
Alternatively, you can install the MCP server directly using:
uv tool install git+https://github.com/zinja-coder/jadx-mcp-server
and then simply set jadx_mcp_server as the command in the MCP config.
4. use with Cherry Studio
If you prefer Cherry Studio, configure the MCP tool with the following:
- Type: stdio
- Command: uv
- Arguments:
--directory
path/to/jadx-mcp-server
run
jadx_mcp_server.py
Replace path/to/jadx-mcp-server with the absolute path to the server directory.
Once configured, you can navigate the decompiled APK code and interact with it through real-time AI-assisted code review prompts directly inside your MCP client.
verdict
jadx-ai-mcp is a solid option for security researchers and reverse engineers who want to enhance their static analysis workflow with AI-powered insights. The combination of a deeply integrated JADX plugin with a flexible Python MCP server creates a live interactive environment where AI assistants like Claude can participate in vulnerability detection, code deobfuscation, and debugging.
The setup is not trivial, requiring a working knowledge of MCP clients, Java plugin installation, and Python environments. It also depends on MCP infrastructure, which may limit adoption among casual users. However, for those invested in AI-augmented reverse engineering, it offers a powerful platform that extends beyond static tools.
The tradeoff is the complexity and operational overhead versus the gain in productivity and insight during APK analysis. This repo is not for the faint of heart but rewards those willing to integrate AI deeply into their reverse engineering workflow.
Overall, jadx-ai-mcp is worth exploring if you want to push the boundaries of APK reverse engineering by combining JADX’s decompilation strengths with real-time AI assistance through MCP.
Related Articles
- mcp-searxng: bridging AI assistants with private SearXNG-powered web search — mcp-searxng is a Node.js MCP server proxy that connects AI assistants to self-hosted SearXNG search via JSON API, enabli
- Exploring the Model Context Protocol with awesome-mcp-servers: a curated directory of MCP server implementations — awesome-mcp-servers is a curated list of Model Context Protocol (MCP) servers enabling AI models to interact securely wi
- freecad-mcp: bridging AI and parametric CAD through an MCP server — freecad-mcp uses an MCP server to connect Claude Desktop AI with FreeCAD, enabling AI-driven parametric CAD modeling thr
- Inside Claude Code: A detailed reconstruction of Anthropic’s AI safety and architecture — A deep dive into Claude Code’s 512K lines of TypeScript reveals a layered YOLO safety classifier, multi-agent IPC, and t
- Smithereen: A Java-based ActivityPub server that rejects fediverse conventions for authentic social connections — Smithereen is a self-hosted ActivityPub server in Java that rejects common fediverse features like hashtags and public f
→ GitHub Repo: zinja-coder/jadx-ai-mcp ⭐ 2,099 · Java