Content
# Tool List
<div align="center">
⚡ Android APK Automation Reverse Engineering Tool Suite based on Model Context Protocol (MCP)
[](https://www.python.org/)
[](https://openjdk.org/)
[](https://www.apache.org/licenses/LICENSE-2.0)
</div>
---
## Project Introduction
This project is a collection of Android reverse engineering tools connected through the **MCP (Model Context Protocol)** protocol, enabling intelligent APK analysis and modification by integrating AI assistants with professional Android decompilation tools.
### Included Components
| Component | Description | Path |
|------|------|------|
| **JADX MCP Server** | MCP server integrated with JADX-GUI, providing real-time decompilation analysis | `tools/jadx/` |
| **APKTool MCP Server** | MCP server based on APKTool, supporting APK decoding/encoding and Smali modification | `tools/apktool/` |
| **ADB MCP Server** | Android Debug Bridge MCP server, providing device management and debugging capabilities | `tools/adb/` |
| **Sign Tools MCP Server** | APK signing tool MCP server, supporting key management and signature verification | `tools/sign-tools/` |
| **Static Analyzer** | Enhanced static analysis tool, providing permission, string, and SDK identification | `tools/static-analyzer/` |
| **Diff Tool** | File comparison tool, supporting APK, Smali, and resource file comparisons | `tools/diff/` |
| **Frida MCP Server** | Dynamic instrumentation analysis tool, supporting Hook and memory operations | `tools/frida/` |
---
## Features
### JADX MCP Server
- Real-time retrieval of currently selected class code
- Search classes, methods, and fields
- Retrieve AndroidManifest.xml content
- Retrieve resource files (e.g., strings.xml)
- Rename classes/methods/fields/variables (code refactoring)
- Debugger integration (retrieve stack frames, threads, and variables)
- Cross-reference analysis (find references to classes/methods/fields)
- Support paginated queries for large result sets
### APKTool MCP Server
- APK decoding and encoding (decompilation/repackaging)
- Smali code browsing and modification
- Resource file management
- Project structure analysis
- File content search
- Automatic backup mechanism
- Workspace management
### ADB MCP Server
- Device connection status management
- APK installation/uninstallation
- Application package information query
- Log capture (logcat)
- Shell command execution
- File transfer (push/pull)
- Screenshot
- Application launch/stop control
### Sign Tools MCP Server
- Keystore generation and management
- APK signing (V1/V2/V3)
- Signature verification
- zipalign optimization
- Key information query
### Static Analyzer
- Permission analysis (identify dangerous permissions)
- String resource extraction
- URL/IP/API endpoint extraction
- Third-party SDK identification
- Comprehensive static analysis report
### Diff Tool
- APK file comparison
- Smali file line-by-line comparison
- Resource directory comparison
- Generic text file comparison
### Frida MCP Server
- Process list and attachment
- JavaScript script injection
- Function Hook
- Network request interception
- Memory scanning and read/write
- Module enumeration
---
## System Requirements
| Environment | Version Requirements |
|------|----------|
| Windows | Windows 10/11 |
| Python | 3.10 or higher |
| Java | OpenJDK 17 (included in tools/bin/jre) |
| Memory | Recommended 8GB or higher |
---
## Quick Start
### 1. Install Dependencies
Use the unified command-line tool to install all dependencies:
```bash
# Install dependencies for all tools
python apkmcp.py install
# Or install dependencies for a specific tool
python apkmcp.py install apktool
```
### 2. Generate MCP Configuration
```bash
# Generate MCP configuration file (saved to .trae/config.json)
python apkmcp.py config
# Preview configuration content
python apkmcp.py config -p
# Save to a specified path
python apkmcp.py config -o my-config.json
```
### 3. Start MCP Servers
#### Method 1: Using the Unified Command-Line Tool (Recommended)
```bash
# Check tool status
python apkmcp.py status
# List all tools
python apkmcp.py list
# Start a specific tool
python apkmcp.py start apktool
```
#### Method 2: Using Startup Scripts
```bash
# Start all servers
python start_all_servers.py
# Start specific servers
python start_all_servers.py --servers jadx,apktool,adb
# Use Windows batch script
start-servers.bat all
```
#### Method 3: Manual Startup
```bash
# Start JADX MCP Server (Java version)
cd tools/jadx
tools/bin/jre/bin/java.exe -jar server.jar
# Start APKTool MCP Server
python tools/apktool/server.py --workspace tools/workspace/apktool --apktool-path tools/bin/apktool.bat
# Start ADB MCP Server
python tools/adb/server.py --adb-path tools/bin/adb.exe
# Start Sign Tools MCP Server
python tools/sign-tools/server.py --workspace tools/workspace/sign-tools
# Start Static Analyzer
python tools/static-analyzer/server.py
# Start Diff Tool
python tools/diff/server.py
# Start Frida MCP Server
python tools/frida/server.py
```
---
## Configure MCP Client
### Trae IDE Configuration
When using this project with Trae IDE, the configuration is automatically generated in `.trae/config.json`, and all paths use relative paths:
```json
{
"mcpServers": {
"jadx-mcp-server": {
"type": "stdio",
"enabled": true,
"description": "JADX MCP Server - Java Decompilation Analysis",
"command": "tools/bin/jre/bin/java.exe",
"args": ["-jar", "tools/jadx/server.jar"]
},
"apktool-mcp-server": {
"type": "stdio",
"enabled": true,
"description": "APKTool MCP Server - APK Decoding/Encoding",
"command": "python",
"args": [
"tools/apktool/server.py",
"--workspace", "tools/workspace/apktool",
"--apktool-path", "tools/bin/apktool.bat"
]
},
"adb-mcp-server": {
"type": "stdio",
"enabled": true,
"description": "ADB MCP Server - Device Management and Debugging",
"command": "python",
"args": [
"tools/adb/server.py",
"--adb-path", "tools/bin/adb.exe"
]
},
"sign-tools-mcp-server": {
"type": "stdio",
"enabled": true,
"description": "Sign Tools MCP Server - APK Signing and Key Management",
"command": "python",
"args": [
"tools/sign-tools/server.py",
"--workspace", "tools/workspace/sign-tools"
]
},
"static-analyzer": {
"type": "stdio",
"enabled": true,
"description": "Static Analyzer - Permissions, Strings, and SDK Identification",
"command": "python",
"args": ["tools/static-analyzer/server.py"]
},
"diff-tool": {
"type": "stdio",
"enabled": true,
"description": "Diff Tool - APK, Smali, and Resource Comparisons",
"command": "python",
"args": ["tools/diff/server.py"]
},
"frida-mcp-server": {
"type": "stdio",
"enabled": true,
"description": "Frida MCP Server - Dynamic Instrumentation Analysis",
"command": "python",
"args": ["tools/frida/server.py"]
}
}
}
```
Configuration instructions:
- All paths use **relative paths**, and the project can be moved to any location for use.
- Running `python apkmcp.py config` can automatically regenerate the configuration.
---
## Example Usage
### Analyze APK File
```
# Use APKTool MCP Server to decode APK
Please help me decode the APK file test.apk
# After analysis, you can view:
- AndroidManifest.xml
- Smali code
- Resource files
- Project structure
```
### Code Review and Security Analysis
```
# Use JADX MCP Server to analyze code
Please help me analyze if the currently selected class has security vulnerabilities
# Search for specific code patterns
Search for classes containing "AES" encryption
# Find references
Find which methods call the sendRequest method
```
### Device Debugging
```
# Use ADB MCP Server to connect to the device
List connected Android devices
# Install APK
Install APK file on the device
# Get logs
Capture application log information
```
### APK Signing
```
# Use Sign Tools MCP Server to generate keys
Generate a new keystore for signing
# Sign APK
Sign the modified APK
# Verify signature
Verify if the APK signature is correct
```
### Static Analysis
```
# Use Static Analyzer to analyze APK
Analyze APK permissions and potential risks
# Extract strings
Extract all string resources from APK
# Identify SDKs
Identify third-party SDKs used in APK
```
### File Comparison
```
# Use Diff Tool to compare APK
Compare the original APK and modified APK
# Compare Smali files
Compare differences between two Smali files
```
### Dynamic Analysis
```
# Use Frida MCP Server for dynamic analysis
List running processes on the device
# Hook functions
Hook target application functions
# Intercept network requests
Intercept application network communication
```
---
## Prompt Templates
This project provides specialized prompt templates for APK reverse engineering analysis, facilitating quick analysis:
### Prompt Template File
📄 **File Location**: `prompt_template.md`
### Included Prompt Types
| Prompt | Purpose | Output Report |
|--------|------|----------|
| General APK Analysis | Comprehensive APK information extraction and analysis | `Analysis Report.md` |
| Ad Removal Specialized | Locate ad SDKs and removal solutions | `Ad Analysis Report.md` |
| Membership Cracking Specialized | Analyze membership verification mechanisms | `Membership Analysis Report.md` |
| Reinforcement Analysis Specialized | Identify reinforcement solutions and shelling suggestions | `Reinforcement Analysis Report.md` |
| Network Analysis Specialized | Analyze network communication and interception points | `Network Analysis Report.md` |
| Comprehensive Reverse Analysis | Complete reverse engineering process | `Reverse Analysis Report.md` |
### Usage
1. Open `prompt_template.md` file
2. Select the required prompt template
3. Copy to AI assistant
4. Replace `[APK file path]` and `[working directory]`
5. AI will automatically call MCP tools to execute analysis and generate reports
---
## Project Structure
```
ApkMCP-Auto/
├── .trae/
│ └── config.json # MCP configuration (automatically generated, relative paths)
├── tools/ # Unified tool directory
│ ├── adb/ # ADB MCP Server
│ │ ├── server.py
│ │ └── requirements.txt
│ ├── apktool/ # APKTool MCP Server
│ │ ├── server.py
│ │ └── requirements.txt
│ ├── bin/ # Binary tool directory
│ │ ├── adb.exe
│ │ ├── apktool.jar
│ │ ├── apktool.bat
│ │ ├── jadx-gui.exe
│ │ └── jre/ # Java runtime
│ ├── diff/ # Diff Tool
│ │ ├── server.py
│ │ └── requirements.txt
│ ├── frida/ # Frida MCP Server
│ │ ├── server.py
│ │ └── requirements.txt
│ ├── jadx/ # JADX MCP Server
│ │ ├── server.jar
│ │ └── requirements.txt
│ ├── sign-tools/ # Sign Tools MCP Server
│ │ ├── server.py
│ │ └── requirements.txt
│ ├── static-analyzer/ # Static Analyzer
│ │ ├── server.py
│ │ └── requirements.txt
│ └── workspace/ # Workspace
│ ├── apktool/
│ └── sign-tools/
├── apkmcp.py # Unified command-line tool
├── start_all_servers.py # Script to start all servers
├── start-servers.bat # Windows startup script
├── prompt_template.md # APK reverse analysis prompt template
└── README.md # This file
```
---
## Available MCP Tools
### JADX MCP Server Tools
| Tool Name | Function Description |
|--------|----------|
| `fetch_current_class` | Get currently selected class |
| `get_class_source` | Get specified class source code |
| `get_all_classes` | List all classes (support pagination) |
| `search_classes_by_keyword` | Search classes by keyword |
| `get_method_by_name` | Get specified method code |
| `get_methods_of_class` | List class methods |
| `get_fields_of_class` | List class fields |
| `get_smali_of_class` | Get class Smali code |
| `get_android_manifest` | Get AndroidManifest.xml |
| `get_strings` | Get string resources |
| `get_resource_file` | Get resource file content |
| `rename_class` | Rename class |
| `rename_method` | Rename method |
| `rename_field` | Rename field |
| `rename_variable` | Rename variable |
| `debug_get_stack_frames` | Get debug stack frames |
| `debug_get_variables` | Get debug variables |
| `get_xrefs_to_class` | Find class cross-references |
| `get_xrefs_to_method` | Find method cross-references |
### Tool List
### APKTool MCP Server Tools
| Tool Name | Function Description |
|--------|----------|
| `decode_apk` | Decode APK files |
| `build_apk` | Build APK from project |
| `get_manifest` | Get AndroidManifest.xml |
| `get_apktool_yml` | Get apktool.yml |
| `list_smali_directories` | List Smali directories |
| `list_smali_files` | List Smali files (support pagination) |
| `get_smali_file` | Get Smali file content |
| `modify_smali_file` | Modify Smali file |
| `list_resources` | List resource files |
| `get_resource_file` | Get resource file content |
| `modify_resource_file` | Modify resource file |
| `search_in_files` | Search in files |
| `analyze_project_structure` | Analyze project structure |
| `clean_project` | Clean project |
| `get_workspace_info` | Get workspace information |
| `health_check` | Health check |
### ADB MCP Server Tools
| Tool Name | Function Description |
|--------|----------|
| `health_check` | Server health check |
| `list_devices` | List connected devices |
| `get_device_info` | Get device detailed information |
| `install_apk` | Install APK file |
| `uninstall_package` | Uninstall app package |
| `get_package_info` | Get app package information |
| `get_logcat` | Get device log |
| `clear_logcat` | Clear log buffer |
| `execute_shell` | Execute shell command |
| `push_file` | Push file to device |
| `pull_file` | Pull file from device |
| `screenshot` | Take screenshot |
| `list_packages` | List installed apps |
| `start_activity` | Start activity |
| `force_stop_package` | Force stop app |
### Sign Tools MCP Server Tools
| Tool Name | Function Description |
|--------|----------|
| `health_check` | Server health check |
| `generate_keystore` | Generate keystore |
| `list_keystores` | List all keystores |
| `get_keystore_info` | Get keystore information |
| `delete_keystore` | Delete keystore |
| `sign_apk` | Sign APK file |
| `verify_signature` | Verify APK signature |
| `zipalign_apk` | Optimize APK alignment |
| `get_workspace_info` | Get workspace information |
### Static Analyzer Tools
| Tool Name | Function Description |
|--------|----------|
| `analyze_permissions` | Analyze permissions |
| `extract_strings` | Extract string resources |
| `extract_endpoints` | Extract URL/IP/API endpoints |
| `identify_sdks` | Identify third-party SDKs |
| `full_analysis` | Perform full analysis |
### Diff Tool Tools
| Tool Name | Function Description |
|--------|----------|
| `compare_apks` | Compare two APK files |
| `compare_smali` | Compare two Smali files |
| `compare_resources` | Compare two resource directories |
| `compare_text_files` | Compare two text files |
### Frida MCP Server Tools
| Tool Name | Function Description |
|--------|----------|
| `list_processes` | List running processes |
| `attach_process` | Attach to specified process |
| `spawn_process` | Spawn new process |
| `inject_script` | Inject JavaScript script |
| `hook_function` | Hook specified function |
| `intercept_network` | Intercept network requests |
| `scan_memory` | Scan memory |
| `read_memory` | Read memory |
| `write_memory` | Write memory |
| `enumerate_modules` | Enumerate loaded modules |
| `enumerate_exports` | Enumerate module exported functions |
## Technology Stack
- **Python 3.10+** - MCP Server development
- **FastMCP** - MCP protocol implementation
- **httpx** - HTTP client
- **APKTool 3.0+** - APK decompilation/repacking
- **JADX 1.5+** - Android Dex decompilation
- **Java 17** - JADX runtime environment
- **ADB** - Android Debug Bridge
- **Frida** - Dynamic instrumentation framework
## Command Line Parameters
### apkmcp.py Unified Command Line Tool
| Command | Description | Example |
|------|------|------|
| `status` | View tool status | `python apkmcp.py status` |
| `list` | List all tools | `python apkmcp.py list` |
| `config` | Generate MCP configuration | `python apkmcp.py config -p` |
| `install [tool]` | Install dependencies | `python apkmcp.py install apktool` |
| `start <tool>` | Start specified tool | `python apkmcp.py start apktool` |
### General Parameters for MCP Servers
| Parameter | Default Value | Description |
|------|--------|------|
| `--http` | False | Enable HTTP transport mode |
| `--host` | 127.0.0.1 | MCP server listening address |
| `--port` | Various tools have different ports | MCP server port |
### Default Ports for Tools
| Tool | Default Port |
|------|----------|
| JADX | 8651 |
| APKTool | 8652 |
| ADB | 8653 |
| Sign Tools | 8654 |
| Static Analyzer | 8655 |
| Diff Tool | 8656 |
| Frida | 8657 |
## Workflow
```
┌─────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ AI Assistant │◄───►│ MCP Server │◄───►│ JADX/APKTool │
│ (Claude, etc.) │ │ (Python FastMCP)│ │ (Java/Command Line) │
└─────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
│ 1. Send MCP request │ │
│────────────────────>│ │
│ │ 2. Call tool │
│ │─────────────────────>│
│ │ │
│ │ 3. Return result │
│ │<─────────────────────│
│ 4. Return MCP response │ │
│<────────────────────│ │
```
## Report Generation
After analysis using prompt templates, a structured Markdown report will be automatically generated:
### Report Types
| Report Name | Content | Save Location |
|----------|------|----------|
| `analysis_report.md` | General APK analysis report | `[working directory]/analysis_report.md` |
| `ad_analysis_report.md` | Ad SDK identification and removal plan | `[working directory]/ad_analysis_report.md` |
| `vip_analysis_report.md` | Membership verification mechanism analysis | `[working directory]/vip_analysis_report.md` |
| `obfuscation_analysis_report.md` | Obfuscation identification and unpacking plan | `[working directory]/obfuscation_analysis_report.md` |
| `network_analysis_report.md` | Network communication analysis | `[working directory]/network_analysis_report.md` |
| `reverse_analysis_report.md` | Comprehensive reverse engineering report | `[working directory]/reverse_analysis_report.md` |
### Report Content Structure
Each report typically includes:
1. **Executive Summary** - Analysis target and main findings
2. **Application Overview** - Basic information and technology stack
3. **Detailed Analysis** - Code location, logic analysis
4. **Solution** - Modification plan and implementation steps
5. **Risk Assessment** - Technical, security, and legal risks
6. **Appendix** - Code snippets, tool configurations
## Security Tips
1. **Only for legitimate security research and learning purposes**
2. **Only analyze applications with legitimate permissions**
3. **Do not bind MCP Server to public network addresses (be cautious when using `--host 0.0.0.0`)**
4. **APK modifications require re-signing to install**
5. **Remember to close MCP tool connections and release resources after analysis**
## License
This project is licensed under the **Apache License 2.0**.
## Acknowledgements
- [JADX](https://github.com/skylot/jadx) - Excellent Android decompilation tool
- [APKTool](https://github.com/iBotPeaches/Apktool) - Powerful APK decompilation/repacking tool
- [FastMCP](https://github.com/modelcontextprotocol/python-sdk) - Python MCP SDK
- [Anthropic MCP](https://github.com/anthropics/mcp) - Model Context Protocol
- [Frida](https://frida.re/) - Dynamic instrumentation toolkit
<div align="center">
**Made with ❤️ for Android Reverse Engineering**
</div>
