Summary

This project provides a Python-based MCP server designed to integrate Large Language Models (LLMs) with the JADX Android decompiler. It enables AI-driven analysis of Android APKs, facilitating vulnerability detection, manifest parsing, and deep reverse engineering by allowing LLMs to interact with the decompiled code context in real-time. The suite targets security researchers, malware analysts, and software engineers needing advanced, automated code understanding capabilities.

How It Works

The system comprises a standalone Python server (JADX-MCP-SERVER) that communicates with a specialized JADX decompiler plugin (JADX-AI-MCP) via the Model Context Protocol (MCP). This architecture allows LLM clients to invoke tools that interact with the JADX GUI, enabling live data gathering and action execution on decompiled Android applications. The approach offers context-aware AI assistance directly within the reverse engineering workflow, bridging the gap between static analysis and intelligent code interpretation.

Quick Start & Requirements

• Installation: Setup involves integrating the JADX-AI-MCP plugin with JADX and running the Python JADX-MCP-SERVER. Specific commands are not detailed, but setup guidance is available via linked demos and release pages.
• Prerequisites: Java 11+ and Python 3.10+.
• Dependencies: Core dependencies include Javalin, SLF4J (Java), fastmcp, and httpx (Python).
• Links:
  • JADX-AI-MCP Releases: https://github.com/zinja-coder/jadx-ai-mcp/releases
  • Demo: "Perform Code Review to Find Vulnerabilities locally" demo link provided.

Highlighted Details

• Extensive MCP Toolset: Offers over 30 functions for code inspection, manifest retrieval, resource analysis, and debugger interaction.
• AI-Powered Analysis: Supports LLMs for tasks like vulnerability detection, code explanation, deobfuscation, and static analysis.
• Real-time Debugging Assistance: Integrates with JADX debugger to provide insights into stack frames, threads, and variables.
• Future Roadmap: Includes planned support for apktool, Hermes code, and Docker, aiming for a unified MCP server for comprehensive Android RE.

Maintenance & Community

The project lists several contributors and acknowledges dependencies on the JADX decompiler. While specific community channels like Discord/Slack are not mentioned, the roadmap indicates ongoing development.

Licensing & Compatibility

The project inherits the Apache 2.0 License from the JADX repository. This license is permissive, generally allowing for commercial use and integration into closed-source projects.

Limitations & Caveats

The system's LLM integration has been primarily tested with Claude Desktop; compatibility with other LLMs may vary. The project relies on a modified JADX plugin, and the roadmap indicates several features are still under development. A strict legal disclaimer emphasizes that the tools are for educational, research, and ethical security assessment purposes only, with users assuming full responsibility for compliance and authorized usage.