← Back to Skills

Jadx

🌐Community
by brownfinesecurity · vlatest · Repository

Jadx decompiles Android APKs into Java source code, aiding reverse engineering and understanding app logic for security analysis & debugging.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add jadx npx -- -y @trustedskills/jadx
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "jadx": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/jadx"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill enables AI agents to decompile Android APK files into readable Java source code using Jadx, a dex to Java decompiler. It converts DEX bytecode into Java code, facilitating security analysis, vulnerability discovery, and understanding of app internals. Unlike tools that produce smali code, Jadx generates standard Java code which is easier to read and analyze.

When to use it

  • Security Analysis: Identify potential vulnerabilities within Android applications.
  • Reverse Engineering: Understand the logic and control flow of an application's code.
  • Discovering Secrets: Locate hardcoded credentials, API keys, or URLs within the app.
  • Analyzing Implementations: Examine encryption and authentication methods used by the app.
  • Automated Analysis: Integrate decompilation into automated workflows, CI/CD pipelines (using the CLI).

Key capabilities

  • Converts DEX bytecode to Java source code.
  • Provides both a command-line interface (CLI) and a graphical user interface (GUI).
  • Supports multi-threaded decompilation for faster processing.
  • Offers deobfuscation options to improve code readability, including renaming obfuscated classes.
  • Allows skipping resources or source code during decompression for performance optimization.

Example prompts

  • "Decompile this APK file: app.apk and save the output to a directory named app-decompiled."
  • "Decompile app.apk with deobfuscation enabled, saving the output to app-decompiled."
  • "Can you analyze the decompiled code of app.apk for potential vulnerabilities?"

Tips & gotchas

  • Prerequisites: Jadx (and optionally jadx-gui) and a Java Runtime Environment (JRE) must be installed.
  • Disk Space: Decompiled output can be significantly larger than the original APK file (typically 3-10 times).
  • Deobfuscation is Recommended: For obfuscated apps, using the --deobf flag will greatly improve code readability.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
brownfinesecurity
Installs
59
Repository (canonical source) →

🌐 Community

Passed automated security scans.