MCPSERV.CLUB
zinja-coder

JADX MCP Server

MCP Server

Live AI‑powered reverse engineering for Android apps via MCP

Active (80)
563 stars
2 views
Updated 12 days ago

About

A standalone Python server that bridges the JADX decompiler with the Model Context Protocol, enabling LLMs such as Claude to interact in real time with the decompiled Android application context. It supports live code review, vulnerability detection, and resource analysis.

Capabilities

  • Resources: Access data sources
  • Tools: Execute functions
  • Prompts: Pre-built templates
  • Sampling: AI model interactions

JADX‑AI‑MCP is a Model Context Protocol (MCP) server that bridges the powerful static analysis capabilities of the open‑source JADX decompiler with large language models such as Claude. By exposing a rich set of MCP tools, the server lets an LLM “see” the full decompiled view of an Android APK—its classes, methods, smali code, and even the manifest’s main activity—and interact with it in real time. This tight coupling removes the usual friction between reverse‑engineering workflows and AI assistants, enabling developers to ask questions, request targeted code reviews, or hunt for vulnerabilities without leaving their IDE.

The server solves a common pain point in mobile security research: the need to manually sift through thousands of decompiled files before an LLM can provide meaningful insights. With MCP, the assistant can retrieve exactly the snippet it needs—whether that’s a single method, all fields of a class, or the entire source of the main application—using concise function calls. The result is a fluid “decompile → context‑aware analysis → AI recommendation” loop that speeds up both manual reviews and automated scans. Developers can trigger a quick vulnerability search, ask for refactoring suggestions, or generate documentation—all while the assistant stays anchored to the live decompiled project.

Key capabilities of the server include:

  • Contextual source retrieval (, ) to fetch the full Java/Kotlin code of any class.
  • Targeted method handling (, ) for focused analysis of individual routines.
  • Project overview (, ) to provide a high‑level view of the APK’s structure.
  • Smali access () for low‑level inspection of bytecode.
  • Manifest integration (, ) to surface entry points and application‑wide logic.

These tools empower a variety of real‑world scenarios. Security analysts can launch an automated vulnerability scan that queries the server for suspicious patterns and receives actionable remediation advice. Mobile developers can use AI‑driven code reviews to catch style violations or potential bugs before committing changes. Reverse engineers can rapidly pivot between high‑level architecture and low‑level smali, guided by an LLM’s natural language prompts.

Integration is straightforward for MCP‑aware clients. The server runs as a lightweight Python process and communicates over HTTP, while the JADX plugin forwards user interactions to the server. Once connected, any MCP client—whether a custom UI, a chat‑based LLM interface, or a script—can invoke the exposed tools. This modular design means you can swap in a different LLM or extend the server with new utilities without touching the decompiler itself.

In summary, JADX‑AI‑MCP transforms static Android analysis into an interactive AI experience. By exposing a rich, context‑aware API through MCP, it gives developers and security researchers the power to ask high‑level questions while still grounding answers in the exact source or smali code of their target APK. The result is faster, more accurate reviews and a smoother workflow that blends traditional reverse engineering with the latest advances in large‑language models.