How do bot / third party clients circumvent the rs clients weekly re-obfuscation?

Discussion in 'RuneScape Programming' started by iamegede, Jul 23, 2020.

#1 - iamegede (Newcomer) - Jul 23, 2020 at 6:29 AM

    So I get how reflection works, and I see how it is possible to, say, take some sort of small (unobfuscated) Java game and write a third party client / bot for it by just inspecting it and then writing an application that hooks certain methods / fields at runtime using the built-in Java reflection library (or any reflection library, I guess) to alter / interact with them.

    What I don't understand, however, is how you can do this for a game that continuously gets re-obfuscated every week or so (like the RuneScape client)? Of course you can reverse engineer obfuscated code, but that takes time, and when it gets re-obfuscated you lose all your progress (because all the fields / methods change). So you'll never really get far.
    I can't find an answer to this anywhere, and it doesn't help that most bot clients are closed source and RuneLite is hiding its deobfuscator.

    So I was just wondering, does anybody here know how it's done?

    I can't remember where, but I read somewhere that the way they work is by "fingerprinting" the methods of the client, by storing the literal bytecode instructions they contain as well as the order of the instructions. Then whenever a new re-obfuscated version of the RS client gets released, they can simply run an "updater" program that searches through the new obfuscated client, and if it finds a method with the same bytecode instructions in the same order, it renames that method to the old one that they reverse engineered and that their bot hooks into. Meaning they can continue to hook into obfuscated methods until the literal contents of the method change.
    This kind of seems like it answers the question, but there is a big problem with it, which is that this would only work if all Jagex's obfuscator did was change the symbol names of the client and nothing else, but surely it actually does a lot more than that. Like merging and splitting functions and classes randomly, inserting dead code paths, and other shenanigans. This would effectively change the bytecode contents of all methods between re-obfuscations, meaning this technique wouldn't work, right?
     
    ^ bobguy123 likes this.
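The opcode-sequence fingerprinting the post describes, and the failure mode the poster anticipates, as an added Python sketch (not code from this thread or from any real client; the instruction lists are constructed toy data, not real bytecode): hashing the opcode sequence while ignoring symbol operands survives a rename-only pass, but an inserted dead code path changes the sequence and the exact match is lost. The same matching logic is what defenders use when tracking a known method across versions of a binary.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed toy representation of JVM bytecode: each instruction is an
# (opcode, operand) pair. Symbol operands (class/field/method names) change
# every time names are remapped; opcodes and literal operands do not.
Instr = Tuple[str, str]
SYMBOLIC = {"getfield", "putfield", "getstatic", "putstatic",
            "invokevirtual", "invokestatic", "invokespecial", "new", "checkcast"}

def fingerprint(code: List[Instr]) -> str:
    """Hash the instruction sequence, dropping symbol operands so a rename does not change it."""
    parts = [op if op in SYMBOLIC else f"{op}:{operand}" for op, operand in code]
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def match_methods(known: Dict[str, List[Instr]], new: Dict[str, List[Instr]]) -> Dict[str, str]:
    """Map each method name in `new` to the already analysed name in `known` whose
    fingerprint is identical; methods with no identical twin are left out."""
    index = {fingerprint(code): name for name, code in known.items()}
    return {name: index[fingerprint(code)] for name, code in new.items()
            if fingerprint(code) in index}

# Constructed sample: the version already reverse engineered and named.
KNOWN = {
    "getLocalPlayerX": [("aload_0", ""), ("getfield", "Client.localPlayer"),
                        ("getfield", "Player.x"), ("ireturn", "")],
    "isLoggedIn": [("getstatic", "Client.gameState"), ("bipush", "7"),
                   ("if_icmpne", "+5"), ("iconst_1", ""), ("ireturn", ""),
                   ("iconst_0", ""), ("ireturn", "")],
}
# Same methods after a rename-only pass: every symbol differs, the bytecode does not.
RENAMED = {
    "a": [("aload_0", ""), ("getfield", "q.b"), ("getfield", "r.c"), ("ireturn", "")],
    "b": [("getstatic", "q.d"), ("bipush", "7"), ("if_icmpne", "+5"),
          ("iconst_1", ""), ("ireturn", ""), ("iconst_0", ""), ("ireturn", "")],
}
# Same methods after a pass that also inserts a dead code path: exact matching fails for 'a'.
PADDED = {
    "a": [("aload_0", ""), ("iconst_0", ""), ("pop", ""),  # inserted push/pop with no effect
          ("getfield", "q.b"), ("getfield", "r.c"), ("ireturn", "")],
    "b": RENAMED["b"],
}

if __name__ == "__main__":
    print(match_methods(KNOWN, RENAMED))  # both methods recovered
    print(match_methods(KNOWN, PADDED))   # only 'b' recovered; 'a' no longer matches
```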