jadx-mcp-server tackles a common pain point in Android reverse engineering: integrating AI assistance directly into the decompilation workflow. Instead of static, disconnected tools, it offers a Python server that bridges large language models (LLMs) like Claude to a live JADX-GUI session, enabling interactive exploration and manipulation of APK code with AI help.
How jadx-mcp-server connects AI assistants to JADX for Android reverse engineering
At its core, jadx-mcp-server is a Python-based MCP (Model Context Protocol) server that mediates communication between two endpoints: an LLM client and a modified JADX-GUI plugin. MCP is a standardized protocol designed to enable AI clients to interact with external tools and services in structured ways.
The architecture features two distinct connections:
- One connection listens for MCP clients (such as Claude or Codex) on a configurable host and port. This is where the AI assistant connects.
- The other connection connects to the JADX plugin, which runs inside the JADX-GUI environment, typically on the same machine or accessible via the network.
Communication between the MCP server and the JADX plugin uses HTTP transport, while the server exposes the MCP interface to LLM clients over either standard input/output (stdio) or HTTP. This dual-connection model allows the server to act as a bridge, forwarding commands and responses between the AI assistant and the decompiler plugin seamlessly.
The JADX plugin extends the decompiler with over 20 MCP tools that provide granular access to APK internals. These tools let the AI perform tasks such as fetching class sources, searching methods, retrieving AndroidManifest information, inspecting debugger state, cross-referencing code, and renaming symbols. This breadth enables AI clients to participate actively in reverse engineering workflows.
jadx-mcp-server is part of the Zin Reverse Engineering MCP Suite, designed to integrate AI tightly into reverse engineering, static analysis, and vulnerability detection tasks.
Architecture and design tradeoffs that define jadx-mcp-server
The standout feature of this repo is its dual-connection MCP bridge. Splitting the server’s role into two connections—one for the LLM client and one for the JADX plugin—enables flexible deployment scenarios. For example, the LLM client can run locally or remotely, and the JADX-GUI plugin can run on another machine. This separation also keeps the AI-facing interface consistent regardless of the decompiler’s location.
Transport-wise, the repo supports stdio (standard input/output) or HTTP for the MCP interface facing the LLM, while internally communicating with the JADX plugin over HTTP. This choice reflects common tradeoffs between integration simplicity (stdio) and networked flexibility (HTTP).
The MCP tools exposed are comprehensive and clearly designed to cover the core needs of Android APK reverse engineering. The server’s Python implementation means it’s accessible for extension or integration with other AI tools.
However, the repo comes with limitations. There are no concrete installation instructions or quickstart commands beyond a brief “Getting Started” section, which mainly documents flags and connection details. Performance benchmarks or real-world usage metrics are also absent, so the operational characteristics in production-like scenarios remain unknown.
The code quality appears solid from the architectural perspective, with clean separation of concerns. The server listens on configurable addresses and ports, and the flexibility in transport and connection settings suggests thoughtful design for real-world use cases.
Getting started with jadx-mcp-server
The README’s installation and quickstart details are minimal but informative about usage patterns. Here is the exact “Getting Started” excerpt explaining the server’s connection model and flags:
## 🛠️ Getting Started
READ HERE
Demo: **Perform Code Review to Find Vulnerabilities locally**
https://github.com/user-attachments/assets/4cd26715-b5e6-4b4b-95e4-054de6789f42
### Advanced CLI Options — Understanding the Flags
There are **two separate connections** and each has its own host/port:
┌─────────────┐ –host / –port ┌──────────────────┐ –jadx-host / –jadx-port ┌──────────────────┐ │ LLM Client │ ◄──────────────────► │ jadx-mcp-server │ ──────────────────────────► │ JADX-GUI Plugin │ │ (Claude, │ Where the MCP server │ │ Where the MCP server looks │ (jadx-ai-mcp) │ │ Codex..) │ LISTENS for clients │ │ for the JADX plugin │ │ └─────────────┘ └──────────────────┘ └──────────────────┘
| Flag | Default | Controls |
|------|---------|----------|
| `--http` | off | Use HTTP transport instead of stdio |
| `--host` | `127.0.0.1` | **Where the MCP server listens** (bind address for LLM clients) |
| `--port` | `8651` | **Which port the MCP server listens on** |
| `--jadx-host` | `127.0.0.1` | **Where to find the JADX plugin** (the target JADX-GUI machine) |
| `--jadx-port` | `8650` | **Which port the JADX plugin is on** |
The README also includes an example usage scenario where everything runs on the same machine, which is the most common setup.
This minimal guidance means users must have some familiarity with MCP servers, networked services, and the JADX environment to get up and running. The repo expects users to install the JADX-GUI plugin separately (likely from the Zin MCP Suite), but explicit setup instructions are not provided here.
who should consider using jadx-mcp-server?
jadx-mcp-server is a practical tool for reverse engineers, security researchers, and Android analysts who want to integrate AI assistance directly into their decompilation workflow. It opens the door for AI-driven vulnerability detection, deobfuscation, static analysis, and interactive debugging on APKs.
The repo’s architecture is flexible and robust enough to support different deployment models, but it requires some hands-on setup and familiarity with MCP concepts and the JADX environment.
Its limitations include the absence of detailed installation instructions, no performance benchmarks, and the need to manually configure the connections and plugin integration. This means it’s not a plug-and-play tool; expect some initial setup effort.
For projects that can absorb this overhead, jadx-mcp-server offers a neat, Python-based bridge combining AI with one of the most popular Android decompilers. The codebase’s modularity and openness also make it a good starting point for building custom AI-augmented reverse engineering tools.
Overall, it’s a solid example of applying MCP to connect AI assistants with live reverse engineering tools, worth understanding even if you don’t adopt it directly.
→ GitHub Repo: zinja-coder/jadx-mcp-server ⭐ 615 · Python