Decompilation of Blazor Wasm PWA

Question

Please excuse the long text, but I already tested much and want to share the results.

I am currently looking for an obfuscator for my Blazor Wasm PWA with ahead-of-time-compilation enabled. But first, I wanted to find out, what decompilation actually reveals.
So, I created a publish build to folder. This folder contains the files MyApp.dll as well as dotnet.wasm. Inspecting MyApp.dll with dotPeek and ILSpy reveals all code. I can also see, that MyApp.dll is uploaded to Netlify and downloading it from Netlify (not the published website, but from app.netlify.com) and comparing it with the local file, shows me that they are identical.
Now, I loaded the website and in the DevTools Network tab, I see that a file MyApp.dll was downloaded. I was not able to download this file manually, because

• "Rightclick > Download" does not exist,
• opening the path "https://.../_framework/MyApp.dll" only opens the app and reports "Sorry, there is nothing at this address" and
• in the DevTools Sources tab, the file is not listed.

So, I used the tool ChromeCacheView that showed me that a file MyApp.dll is stored in C:\Users...\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data. But this file is significantly smaller than the file in my publish folder: 4496KB vs. 341KB. I tried to open the smaller file with dotPeek and ILSpy but both were not able to read anything:

"unmanaged assembly, limited support"

and

"This file does not contain a managed assembly."

Next, I asked ChatGPT, what's going on here and it said, that due to the AOT compilation it could be, that parts of my code are directly compiled into above mentioned dotnet.wasm.

Is this true? If so, why is there even a MyApp.dll and how can it be of different file size? And if the app's logic is really compiled into dotnet.wasm, do I even need an obfuscator? I mean, it is probably even possible to decompile .wasm files, but variable names lile e. g. var hourlyRate = 999d; should not be visible.