It appears that the operations performed on the left and right alphabets are linear given the output above. As such, Chaocipher is vulnerable to known-plaintext attacks.
But, given that the full keyspace is not realized during encryption, we should also be able to launch a key recovery attack and recover both alphabets if enough ciphertext is provided.
Which means, a ciphertext-only attack seems within reach. Famous last words of course, but I think this one is very practical.