Thanks @Buranek, I didn't go through the "hard way" process since it is as you say very complicated
If @ildar.mulyukov remembered his password, exporting the personal key and importing it again in the new ROM could have been enough to copy his account. So the only thing to copy manually is the messages.db file.
Actually we do use SHA-1, but we use it to derive a complex enough passphrase to be used for key decryption. The passphrase entered by the user is not used directly.
I'm not sure how to do it without taking out another layer of security. Suggestions are very welcome