Let me give you a heads up. A color bot hacks the canvas to get the canvas image, or uses a native tool like SCAR to identify the frame and leech the graphics through the graphics buffer. From there it uses bitmap-finding algorithms or pattern algorithms. These are an array of pixels to identify. For text they use OCR with a neural network or pattern matcher. In general they use pattern matching in different color spaces such as HSV/HSL or RGB. To identify stuff in the inventory they use coordinates and run a pattern-matching algorithm in the bounding rect.

Injection bots use a bytecode engineering library like BCEL or ASM to edit the client's class files so they can identify which field belongs to what class. First they will download the client, which is class files. They would decompile the class files to turn them back into Java files. When this is done they would refactor the fields and classes so the code looks readable. When the client is fully understood they search for bytecode patterns to identify these classes and fields. When you have a program that identifies these classes and fields you have yourself an updater.

An injection bot will load the RuneScape client like the webpage, setting a user agent; when the client is downloaded these files get edited. Thanks to the updater we know which fields are what, so we could do the following.
Let's say the "Player" class is called aL and the field "Player health" is called wK.
We could write this interface:
    public interface Player {
        public int getPlayerHealth();
    }
So we can add this interface to our aL (player class) through bytecode (basically we link our written interface to the client's class to "hook" our API with the original client) and inject the getter.
    public class aL implements Player {
        private int wK; // Obfuscated field

        public int getPlayerHealth() { // Inherited from interface Player
            return wK;
        }
    }
Remember we have 4 kinds of bots:
Color - which uses the canvas' graphics to identify the current state of the player
Injection - which injects getters into the client to retrieve data
Inflection - which edits fields/classes to redirect information
Reflection - which "looks" at the loaded client's classes in the JVM and returns the information it contains (this has become a lot harder, so you actually need a bit of injection/inflection to hack the loader of the client)
The loader of the client has basically become Jagex's legal security. When a new bot spawns they know they had to hack/decompile the loader, which is illegal in some countries like the USA (look at Nexus iBot).
Seems like this post became longer and longer as I started typing.
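
Added example (not part of the original post, and not a description of any real client's checks): a sketch of how a client could notice the injected interface and getter shown above, by comparing a loaded class against a build-time list of its interfaces and methods. The names ClassShapeCheck, ShippedAL, PatchedAL and unexpectedMembers are hypothetical, and the two nested classes are constructed stand-ins for aL before and after the edit.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class ClassShapeCheck {
    // Constructed stand-in: the obfuscated class as shipped (field only).
    static class ShippedAL { private int wK; }

    // Constructed stand-in: the same class after the post's interface
    // and getter have been added to it.
    interface Player { int getPlayerHealth(); }
    static class PatchedAL implements Player {
        private int wK;
        public int getPlayerHealth() { return wK; }
    }

    // Lists every interface and declared method that the build-time
    // manifest (okInterfaces / okMethods) does not account for.
    static List<String> unexpectedMembers(Class<?> c,
                                          Set<String> okInterfaces,
                                          Set<String> okMethods) {
        List<String> findings = new ArrayList<>();
        for (Class<?> i : c.getInterfaces()) {
            if (!okInterfaces.contains(i.getName())) {
                findings.add("interface " + i.getName());
            }
        }
        for (Method m : c.getDeclaredMethods()) {
            if (m.isSynthetic()) continue; // compiler-generated, not in the manifest
            String sig = m.getName() + "/" + m.getParameterCount();
            if (!okMethods.contains(sig)) {
                findings.add("method " + sig);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Manifest for the shipped class: no interfaces, no methods.
        Set<String> none = Set.of();
        System.out.println("shipped: " + unexpectedMembers(ShippedAL.class, none, none));
        System.out.println("patched: " + unexpectedMembers(PatchedAL.class, none, none));
    }
}
```

A check like this runs in the same JVM as the edited classes, so it can be edited out by the same bytecode tooling; it raises the cost of injection rather than preventing it.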