Android Reverse Engineering Server
БесплатноНе проверенA Python MCP server that decompiles Android APK/XAPK/JAR/AAR files and extracts HTTP APIs used by the app.
Описание
A Python MCP server that decompiles Android APK/XAPK/JAR/AAR files and extracts HTTP APIs used by the app.
README
A Python MCP server (FastMCP) that decompiles Android APK/XAPK/JAR/AAR files and extracts the HTTP APIs used by the app — Retrofit endpoints, OkHttp calls, hardcoded URLs, authentication patterns — so you can document and reproduce them without the original source code.
What it does
- Decompiles APK, XAPK, JAR, and AAR files using jadx and Fernflower/Vineflower (single engine or side-by-side comparison)
- Extracts and documents APIs: Retrofit endpoints, OkHttp calls, hardcoded URLs, auth headers and tokens
- Traces call flows from Activities/Fragments through ViewModels and repositories down to HTTP calls
- Analyzes app structure: manifest, packages, architecture patterns
- Handles obfuscated code: strategies for navigating ProGuard/R8 output
Requirements
Required:
- Python 3.10+
- Java JDK 17+
- jadx (CLI)
Optional (recommended):
- Vineflower or Fernflower — better output on complex Java code
- dex2jar — needed to use Fernflower on APK/DEX files
See docs/references/setup-guide.md for detailed installation instructions.
MCP Server Usage
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python server.py
The server runs over stdio by default (FastMCP). Configure your MCP client to launch python server.py in this repository.
Add to Claude Desktop
- Open Claude Desktop settings and locate the MCP servers configuration file.
Common locations (may vary by install):
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
- Linux: ~/.config/Claude/claude_desktop_config.json
- Add a server entry like this (update the path to your repo):
{
"mcpServers": {
"android-reverse-engineering": {
"command": "python3",
"args": ["server.py"],
"cwd": "/Users/yourname/path/android-reverse-engineering-mcp-server"
}
}
}
- Restart Claude Desktop.
Add to VS Code
- Install an MCP-compatible extension (such as an MCP client extension).
- Add a server entry using the same command/args/cwd as above.
- Restart VS Code and enable the server in the extension UI.
MCP Tools
check_dependencies— runs scripts/check-deps.sh and returns missing required/optional toolsinstall_dependency— runs scripts/install-dep.sh for a named dependencydecompile— wraps scripts/decompile.sh with engine/flagsfind_api_calls— wraps scripts/find-api-calls.sh for Retrofit/OkHttp/URL/auth searchesworkflow— runs dependency check, decompile, and API scan in one step
Workflow output schema: docs/workflow-schema.json
Manual Scripts
The scripts can also be used standalone:
# Check dependencies
bash scripts/check-deps.sh
# Install a missing dependency (auto-detects OS and package manager)
bash scripts/install-dep.sh jadx
bash scripts/install-dep.sh vineflower
# Decompile APK with jadx (default)
bash scripts/decompile.sh app.apk
# Decompile XAPK (auto-extracts and decompiles each APK inside)
bash scripts/decompile.sh app-bundle.xapk
# Decompile with Fernflower
bash scripts/decompile.sh --engine fernflower library.jar
# Run both engines and compare
bash scripts/decompile.sh --engine both --deobf app.apk
# Find API calls
bash scripts/find-api-calls.sh output/sources/
bash scripts/find-api-calls.sh output/sources/ --retrofit
bash scripts/find-api-calls.sh output/sources/ --urls
References
- jadx — Dex to Java decompiler
- Fernflower — JetBrains analytical decompiler
- Vineflower — Fernflower community fork
- dex2jar — DEX to JAR converter
- apktool — Android resource decoder
Disclaimer
This tool is provided strictly for lawful purposes, including but not limited to:
- Security research and authorized penetration testing
- Interoperability analysis permitted under applicable law (e.g., EU Directive 2009/24/EC, US DMCA §1201(f))
- Malware analysis and incident response
- Educational use and CTF competitions
You are solely responsible for ensuring that your use of this tool complies with all applicable laws, regulations, and terms of service. Unauthorized reverse engineering of software you do not own or do not have permission to analyze may violate intellectual property laws and computer fraud statutes in your jurisdiction.
The authors disclaim any liability for misuse of this tool.
License
Apache 2.0 — see LICENSE
from github.com/vichhka-git/android-reverse-engineering-mcp-server
Установка Android Reverse Engineering Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/vichhka-git/android-reverse-engineering-mcp-serverFAQ
Android Reverse Engineering Server MCP бесплатный?
Да, Android Reverse Engineering Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Android Reverse Engineering Server?
Нет, Android Reverse Engineering Server работает без API-ключей и переменных окружения.
Android Reverse Engineering Server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Android Reverse Engineering Server в Claude Desktop, Claude Code или Cursor?
Открой Android Reverse Engineering Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Android Reverse Engineering Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
