Do I need to have Jadx installed locally to use this skill?

Yes, this skill provides the logic and commands for Claude to interact with Jadx, but you must have the Jadx CLI and Java Runtime Environment (JRE) installed on your machine.

Can this skill handle obfuscated Android apps?

Yes, the Jadx skill includes specialized commands using the --deobf flag to rename obfuscated classes and attempt to recover meaningful names for better readability.

How do I search for secrets after decompiling an APK?

The skill provides automated grep patterns to search the decompiled source code for API keys, passwords, tokens, and hardcoded URLs.

What is the main advantage of using Jadx over Apktool?

While Apktool produces Smali code, Jadx converts DEX bytecode directly into readable Java source code, making logical analysis and vulnerability discovery significantly easier.

Can I use this for IoT security research?

Absolutely. It includes specific workflows tailored for analyzing IoT companion apps to discover device endpoints, API structures, and authentication mechanisms.

Jadx Android Decompiler

Name: Jadx Android Decompiler
Author: BrownFineSecurity

byBrownFineSecurity

•

494

セキュリティとテスト

Decompiles Android APK files into readable Java source code to facilitate security audits and application analysis.

概要

The Jadx skill for Claude Code empowers security researchers and developers to reverse engineer Android applications by converting DEX bytecode into clean, human-readable Java source code. It provides specialized workflows for identifying hardcoded credentials, uncovering security vulnerabilities like SQL injection, and analyzing IoT companion app communication. By streamlining complex CLI commands and offering pre-configured search patterns for sensitive data, this skill makes it easier to perform deep-dive code reviews and understand application internals directly within your terminal environment.

主な機能

494 GitHub stars
Pre-configured search patterns for API keys, passwords, and secrets
High-quality DEX to Java decompilation producing readable source code
Advanced deobfuscation to clarify minified class and method names
Gradle project export for rebuilding or modifying existing apps
Resource extraction including AndroidManifest.xml and layout files

ユースケース

Reverse engineering IoT companion apps to discover device endpoints and protocols
Performing security audits to find vulnerabilities and hardcoded credentials in mobile apps
Analyzing third-party SDKs to understand undocumented behaviors and data flow

概要

主な機能

494 GitHub stars
Pre-configured search patterns for API keys, passwords, and secrets
High-quality DEX to Java decompilation producing readable source code
Advanced deobfuscation to clarify minified class and method names
Gradle project export for rebuilding or modifying existing apps
Resource extraction including AndroidManifest.xml and layout files

ユースケース

Reverse engineering IoT companion apps to discover device endpoints and protocols
Performing security audits to find vulnerabilities and hardcoded credentials in mobile apps
Analyzing third-party SDKs to understand undocumented behaviors and data flow